Forum Discussion

Rabbit23_116296
Jan 13, 2014

Idp Initiated SAML Single Sign On

Is it possible to go directly to a virtual server, authenticate and then POST the assertion directly to the service provider using BIG-IP? I've been testing this and I cannot get the application to go further once the access policy successfully completes.

 

4 Replies

  • Were you able to get this working? IDP initiated SAML should work just fine. In the IDP, there's a configuration for where to send the request after it is done processing.

     

  • Hey

     

    Yeah, I got IdP-initiated SSO to work, but for services to do this I had to assign to webtop and then an iRule to 302 the browser to the relevant webtop link. So it's not ideal but it does the job. I believe this is what RelayState is for but I couldn't get this to work.

     

  • The RelayState is to carry additional information that the IDP has specified. I'm running into the same issue. If you start from the SP it all works, but if you want to start from the IDP it's a lot trickier. There are a couple of answers on DevCentral but you have to use an iRule. Sorry, can't remember the direct article.

     

    If they establish a session to the webtop then you can link to the IDP as follows: https://myfed.corp.com?saml_res=xyz (use the logs to get this information). I'm about to try this using NTLM so the sign-on is seamless, and try the links that I stated above.

     

    • Rabbit23_116296
      Yes, NTLM works great. I have an NTLM SSO solution, https://devcentral.f5.com/s/articles/ntlm-integrated-sso-for-saml-with-the-apm-module-and-an-external-logon-page, which works well for me, but I'd advise you to try Michael's. He really did an amazing job with his implementation and it's entirely native to the appliance: https://devcentral.f5.com/s/articles/leveraging-big-ip-apm-for-seamless-client-ntlm-authentication Let me know how it goes for you!