Forum Discussion

hpr_220139

Nimbostratus

Feb 14, 2018

APM/LTM 12.1: SAML IdP and SP possible in one VE?

Hi, Is it possible to run an SAML IdP and one (or better: more) SPs on one VE? I found a sentence in the doc: In a federation of BIG-IP-Systems, one BIG-IP System acts as a SAML Identity Provider and...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Migara_61430

Historic F5 Account

BTW this will only work if you're not using HTTP artifact binding with SAML2.0.

Having said that you can still configure artifact resolution service if you use HTTP for your VSs. That will come in handy if you just want to lab test, but not for production use for obvious reasons.

[Artifact resolution service] https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/27.html

Henrik_S

Nimbostratus

Mar 20, 2019

Could you please elaborate on why this does not work with HTTPS and artifact binding on the same BIG-IP instance? I see the TCP handshake from the host not beein followed up by a client_hello for TLS but rather sending a straight HTTP-post.

When I read your comment I changed to HTTP and that works, but is really suboptimal..

Forum Discussion

APM/LTM 12.1: SAML IdP and SP possible in one VE?

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

User roles per partition: are multiple possible?

Simplifying Local Traffic Policies In BIG-IP 12.1

Modify vCMP-Guest with ansible not possible?

ASM 12.1 : Top 10 des nouvelles fonctionnalités