Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Using F5 as a Service Provider with Okta IdP

ecohler
Nimbostratus
Nimbostratus

‎10-Aug-2022 13:29

I've read part 1 and 2 of this article for how to connect F5 as a service provider to Okta:

Secure Access to Web Applications with F5 and Okta... - DevCentral

However, it doesn't provide instructions for how to get the Single sign on URL and the Audience URI for the app, and I also can't find an article for how to connect F5 to the application to pass the header or kerberos auth to. Could someone help me? I'm basically looking for what information I'll need to retrieve and give to the owners of the systems using legacy auth in order to connect those systems to F5 to use Okta auth with them.

Labels:
2 REPLIES 2

JoshBecigneul
MVP
MVP

‎10-Aug-2022 18:35

Hi @ecohler,

So in this case the Audience URI and the Single sign on URL would be based on the DNS hostname for the VIP your access policy is attached to, meaning: the way that Okta would communicate with the SP and what appears in your browser.

In the BIG-IP interface, the Audience URI is the same as the Entity ID field from the SAML SP Service editor, in the General Settings section. 

JoshBecigneul_1-1660181678944.png

The Single Sign-on URL is a combination of the Audience URI, followed by the URL path /saml/sp/profile/post/acs. This is also called the Assertion Consumer Service URL. The path should always be the same, but the hostname would change for each unique service provider/application. Example: https://sp.example.com/saml/sp/profile/post/acs

In the linked guide you can see in the example that their Audience (SP Entity ID) is https://app.f5sec.net, and the Single Sign-on URL is https://app.f5sec.net/saml/sp/profile/post/acs

Hope this helps,
Josh

0 Kudos

Leslie_Hubertus
Community Manager
Community Manager

‎22-Aug-2022 17:31

 @ecohler  - were you able to work with the advice from @JoshBecigneul ? If yes, don't forget to click the button on his comment to Accept as Solution so that anyone else looking for an answer to the same problem can easily find the solution. 🙂

0 Kudos
Copyright © 2023 Khoros, LLC