SAML IDP
F5 configured SP initiated SAML Authentication causing multiple Redirects

F5 is configured (source-IP based) to talk to 2 IBM HTTP Servers, and the web servers are load balancing using traditional load balancing (round-robin) and routing requests to 8 JVMs of a WebSphere ND cluster. 2 applications are deployed with context roots /maximo and /saml/acs on the same cluster. When SAML authentication is triggered via F5, we have 2 scenarios to take care of.

F5: HTTPSOFFLOAD is enabled with end-to-end validation using HTTPS only.

1. https://abc.com/maximo
The URL loads successfully. No issues in authentication to SAML. When loaded, it follows the path below:
   1) Incognito browser (user) requests a resource from the Service Provider (SP).
   2) SP redirects (with SAML Request) to the Identity Provider (microsoft-entra).
   3) Since it is the first login, the user gives the IdP his/her valid credentials.
   4) IdP then redirects the browser (with SAML Response, which includes the SAML token) to the SP page.
   5) User receives the landing page.
THIS IS WORKING.

2. https://abc.com/maximo/ui/?event=loadapp&value=asset&changetab=viewtab&uniquid=123455
   1) Incognito browser (user) requests a resource from the Service Provider (SP).
   2) SP redirects (with SAML Request) to the Identity Provider (microsoft-entra).
   3) Since it is the first login, the user gives the IdP his/her valid credentials.
   4) IdP then redirects the browser (with SAML Response, which includes the SAML token) to the SP page.
   5) Cannot find the resource, and SP redirects (with SAML Request) to the Identity Provider (microsoft-entra).
   6) IdP then redirects the browser (with SAML Response, which includes the SAML token) to the SP page.
   7) Cannot find the resource, and SP redirects (with SAML Request) to the Identity Provider (microsoft-entra).
It keeps redirecting multiple times, and finally the timeout is hit and it does not respond at all.

It keeps redirecting when the long URL is challenged. Do we need to have special iRules to retain JSESSIONID state or WAS - I see this is an issue with respect to cookie persistence.
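One way to test the cookie-persistence question raised in the post, as an added example that is not part of the original post: a small classifier over the SP-side hops of a browser trace that counts SP-to-IdP redirects and reports, after each POST to /saml/acs, whether the browser returned the JSESSIONID it was just given. The IdP host `idp.example`, the hop dictionary layout, the cookie values and both traces are constructed for illustration and are not captures from the poster's environment.

```python
from urllib.parse import urlsplit

IDP_HOST = "idp.example"   # placeholder IdP host (assumption, not from the post)
ACS_PATH = "/saml/acs"     # ACS context root named in the post
COOKIE = "JSESSIONID"

def _to_idp(hop):
    """True if this response is a redirect to the IdP."""
    return hop["status"] in (302, 303) and urlsplit(hop.get("location", "")).hostname == IDP_HOST

def diagnose(trace):
    """Count SP->IdP redirects and classify what happened after each ACS POST."""
    acs = []
    for hop, nxt in zip(trace, trace[1:]):
        if hop["method"] != "POST" or not urlsplit(hop["url"]).path.startswith(ACS_PATH):
            continue
        issued = hop.get("set_cookie", {}).get(COOKIE)
        sent = nxt.get("cookie", {}).get(COOKIE)
        if not _to_idp(nxt):
            acs.append("session accepted")
        elif issued is None:
            acs.append("ACS response set no session cookie")
        elif sent != issued:
            acs.append("browser did not return the ACS cookie")
        else:
            acs.append("cookie returned but SP did not recognise the session")
    n = sum(_to_idp(h) for h in trace)
    return {"idp_redirects": n, "loop": n > 1, "acs": acs}

# Constructed SP-side hops (hypothetical layout; not real captures).
DEEP = "https://abc.com/maximo/ui/?event=loadapp&value=asset"
IDP = "https://idp.example/sso?SAMLRequest=..."

def hop(method, url, status, location="", cookie=None, set_cookie=None):
    return {"method": method, "url": url, "status": status, "location": location,
            "cookie": cookie or {}, "set_cookie": set_cookie or {}}

LOOPING = [
    hop("GET", DEEP, 302, IDP),
    hop("POST", "https://abc.com/saml/acs", 302, DEEP, set_cookie={COOKIE: "0000aaa:jvm1"}),
    hop("GET", DEEP, 302, IDP, cookie={COOKIE: "0000aaa:jvm1"}),
    hop("POST", "https://abc.com/saml/acs", 302, DEEP, set_cookie={COOKIE: "0000bbb:jvm5"}),
    hop("GET", DEEP, 302, IDP, cookie={COOKIE: "0000bbb:jvm5"}),
]
WORKING = [
    hop("GET", "https://abc.com/maximo", 302, IDP),
    hop("POST", "https://abc.com/saml/acs", 302, "https://abc.com/maximo", set_cookie={COOKIE: "0000ccc:jvm2"}),
    hop("GET", "https://abc.com/maximo", 200, cookie={COOKIE: "0000ccc:jvm2"}),
]
```

Fed with hops exported from a real browser trace, the "cookie returned" and "cookie not returned" verdicts separate a browser-side cookie scope problem from a server-side session lookup problem.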