Microsoft Dynamics 365 Portal SSO
Hi Just wondering if anyone here has successfully setup SAML2.0 federation with Microsoft Dynamics 365 Portals? This document doesn't specifically mention F5, but I dont' see why it wouldn't work. https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/configure-saml2-settings I have created the site settings similar to AzureAD and shibboleth Authentication/SAML2/F5/AssertionConsumerServiceUrl - https://samltrialf5.microsoftcrmportals.com/signin-saml2 Authentication/SAML2/F5/AuthenticationType - https://sts.myidp.com.au/idp/portal Authentication/SAML2/F5/Caption - MyIDP SSO Authentication/SAML2/F5/MetadataAddress - https://sts.myidp.com.au/idp/f5 Authentication/SAML2/F5/ServiceProviderRealm - https://samltrialf5.microsoftcrmportals.com/ When I go to the portal site and click sign in, I can see an external account option of "MyIDP SSO". However when I click on the button I get a HTTP 500 error from Microsoft "We're sorry, but something went wrong" The metadataAddress currently doesn't actually contain the federationMetadata file from the F5, so I plan on hosting that using an iFile and updating that site setting to see if that might be causing the issue. I just wanted to see if anyone here had been successful in federating with D365 Portals? Cheers, Simon
F5 / APM / IdP / CorpU / Missing SAML Attributes
Hi all, I am having some difficulty setting up our F5 as an IdP for SAML federation with the CorpU application. I have the IdP configuration set up, the SP connector created based on the metadata export from CorpU, and an APM policy set up to to the LDAP auth check and assign the SAML resource if the auth check is successful. The issue I'm running into is that, based on what I'm hearing from CorpU support, the user ID attribute isn't being sent in the SAML request (that's the only attribute I'm trying to send). I've configured the SAML attributes in the APM SAML IdP configuration to the vendor's spec (at least they've told me everything looks fine), but I'm running out of tweaks I can make on the F5 side. If anyone has seen an issue like this before and has can offer any thoughts on a possible solution, I would greatly appreciate it. If you need me to add any configuration info to the thread, let me know. Thanks Everyone!
RelayState Parameter Value for F5 (as IDP) initiated connection to Google Apps/Mail
Hello Experts, I am trying to create a SAML SSO. Below are the details F5 is acting as IDP Google GSuite is acting as SP (we intent to use gmail, drive etc from google with Auth by F5 APM) When I try IDP initiated connection, i.e. Click on the SAML SSO link published in Webtop, I am getting an error from google, which says "The required response parameter RelayState was missing" I have not configured any relaystate parameter in F5 under SAML SP Connector configuration. (rather i dont know what to configure) I tried to search a lot but not getting a definitive working parameter to be used as relay state. Anyone got that working, please let me know how we can get this working or what relay state parameter shall i use when using F5 as IDP and google as SP, and the connection is IDP initiated.