Forum Discussion

Cory_Blankenshi's avatar
Cory_Blankenshi
Icon for Altostratus rankAltostratus
May 24, 2018

SAML, APM, and F5 in the middle

We have an internal OAM identity provider and a new external application that will act as the service provider. When users login to this application, they will need to go through APM. I have been ask...
APM
application delivery
saml
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 25, 2018

Hi Tom,

 

So this kind of implementation is possible, I already implement IT for several kind of need.

 

When you have Level auth in different IDP

 

  • IDP1 - Username/PWD
  • IDP2 - OTP

I have applications that require to authenticate in IDP2 (OTP) and therefore goes through the IDP1.

 

In other case I have an IDP cascades that redirect users to their correct IDP according to the email domain for example...

 

what you want to do is a case study:

 

You have to deploy your configuration like this:

 

  • You have your application that will be bind to your internal IDP hosted by F5.

  • Create your IDP in F5 (your IDP will have an sso profil for IDP and SAML Auht). The saml Auth will be bin to your IDP (OAM IdP).

     

  • Then you will have to bind your F5-IDP to OAM IdP

     

You will have to create this object in F5.

 

  • F5 as SP (application) if your application/auth is manage by F5.
  • F5 as IDP (for your IDP F5).
  • F5 as SP (for your IDP F5) that will be use to auth in OAM IDP.

Then you have to set all binding...

 

Let me now if you have a specific question on need more details.

 

regards