SAML question

Question

I am trying to get a SAML setup working and struggling.&nbsp;
Environment is LTM 11.5.1.HF7 on a 10200.&nbsp;
This is a 'BIG-IP as SP' setup. The iDp wants to receive the following URL from the BIG-IP in order to get started. If I paste this into a browser it works fine.&nbsp;
https://myaccess.dmdc.osd.mil/identitymanagement/authenticate.do?gotoUrl=https%3A%2F%2Fmyaccess.dmdc.osd.mil%2Fopensso%2Fidpssoinit%3FmetaAlias%3D%2Fauthorization%26spEntityID%3DHRC-WEB%26binding%3Durn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-Artifact&nbsp;
If I use this as the Single Sign On Service Settings under Endpoint Settings it appears that the F5 is somehow trashing this by appending more parameters to it. &nbsp;
The end result is that my session does not initiate properly.&nbsp;
I am a total newbie to SAML. Any advice is appreciated.&nbsp;

boneyard · Answer

from that link it seems the IdP wants to do artifact binding, something BIG-IP as SP doesn't support in the 11.5.1. it is support from 11.6.0, but not for the initial contact I believe.&nbsp;
you should check if your IdP can accept Post or Redirect as a way to start the process.&nbsp;

Forum Discussion

SAML question

1 Reply

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Enable SAML Service Provider on F5 Distributed Cloud Application

Health monitor question

F5 Connection Mirroring question

Novice Question - irules

SAML SLO Error