NimbostratusI'm currently working on setting up F5 Big-IP APM as the service provider for O365 with an internally developed authentication product with SAML support. There are plenty of documents on setting up APM as O365 identity provider or setting up APM as service provider for internal applications but nothing I can find specifically on this, any hints on where to start?
Hi there - I am having a hard time understanding what you want to accomplish. I'm assuming the internally developed authentication product with SAML support is an IdP, correct? O365 would be a SP, what service would APM be providing?
Dan
NimbostratusIt is an identity provider. I have been asked to use F5 APM but authenticate using their product with F5 providing the access.
Hi there - Let me ask like this: From which IdP would each SP (APM and O365) consume assertions from? Are you saying that APM consumes an assertion from the internally developed IdP and O365 consumes an assertion from APM (APM as IdP and SP)?
NimbostratusThat is the specification I have been given, yes. Essentially the internally developed IdP has greater flexibility in authN methods and biometrics and it presents a good use case for their product so the internally developed IdP would assert towards APM and APM asserts towards O365. Or at least that's been my understanding of how such a system would work.
Hi There - This article from Cody Green about IdP chaining is a great example and should fit your requirements.
Dan
