APM SSO SAML OAuth
2 Topics

SAML artifact server - using redirect not post
Hi, I had a working setup: login.test.com -> SAML IDP Auth.test.com -> OAuth server + SAML SP. To get an OAuth token you needed a SAML ID. This worked well until I realised some of the redirects were actually posts and you needed a functioning JavaScript engine to process them!

I went about changing the ARS on the IDP to redirect with authentication and set up an ACS to talk to it, so: login -> SAML IDP + SAML ARS (artifact server) auth -> OAuth + SAML SP + SAML ACS (artifact consumer service .. basically - my understanding is that it makes an out-of-band call to login - so it doesn't go via the browser).

All working well except for the ACS -> ARS call. I can see the request making it to login, I have an iRule to capture the post, but the VS is terminating the link (TCP RST). No logging in APM or LTM logs. I have debug turned on for access profile and SSO; it doesn't help.

Anyone got it working? Anyone got any ideas on how to debug the next step?

1.2K Views, 0 likes, 8 Comments

F5 SSO - OAuth with SAML - how to preserve the original protect URL
Hi

So I have:

login -> This is my login server - I have APM protecting it
auth -> this is my OAuth server; it talks to login to get login, it's a SAML call

Let's say I have https://uat/<some protected URL>, that I use an OAuth claim to protect it. So when I go to https://uat/<some protected URL> I get:

redirect to /my.policy
then redirect to auth/oauth url
redirect to auth/my.policy
redirect to login/saml end point
redirect to /my.policy
redirect to /my.policy the login process
redirect to auth/sam return end point
redirect to https://uat/Oauth return point
redirect back to https://uat/<some protected URL>

When it works it's okay, but what happens with a bad password, or if a user takes too long to login and has to start a new login session? Any break from normal means that the user ends up on https://login/

I have noticed on other SSO workflows the originating URL is in the URL passed around - that doesn't happen on F5. I checked the landing on the initial entry to https://auth and the browser doesn't even send the referrer URL ...

How do people cope with this?

Note my APM sessions are on different F5s, so I can't share behind-the-scenes variables!

1.3K Views, 0 likes, 7 Comments