Forum Discussion

Nimbostratus

Mar 15, 2016

SAML SP Initiated Connections

I'm in the process of rolling out APM as a SAML IDP. Currently, we have 6 applications that are all going to be using SP initiated SAML coming from a external provider which we do not manage. I hav...

application delivery

BIG-IP Access Policy Manager (APM)

Michael_Jenkins

Cirrostratus

Mar 15, 2016

In an SP initiated scenario, if you look at the SAML request that comes through (which you can do in Firefox using an addon called SAML Tracer, for example) you'll notice a couple of fields in the request:

Issuer

(which seems to match to the

Entity ID

you set in your SAML config in APM) and

Assertion Consumer Service URL

among others. I'm not exactly sure which one it uses (I think it's the Assertion Consumer Service URL), but the APM matches one of those values with the corresponding External SP Connector to figure out which one to use, and then does it's processing based on that.

Also, within the policy - through the VPE - you can assign resources to users that they should be allowed to access.

Hope this helps.

Forum Discussion

SAML SP Initiated Connections

Recent Discussions

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

Related Content

Proxy Protocol Initiator

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

IdP Discovery for IdP Initiated SAML

Enable SAML Service Provider on F5 Distributed Cloud Application

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request