SysTopher
Jul 22, 2016

SAML Service Provider Guide

Hi there,

Is anyone aware of a good SAML SP guide for the F5? I have an application behind an F5 LTM virtual server that supports SAML and we would like to implement SAML authentication to the app.

Does anyone know of any good real-world guides for getting a service provider configured?

So I'm trying to set up a SAML Service Provider on our F5. I've done some reading on general SAML and have been looking at this guide: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-saml-config-guide-11-3-0/4.html.

I've created a new virtual server in our DMZ and configured a NAT to this new virtual server for https://spservice.domain.com. I've configured the SAML SP service as documented in this guide. I don't have an IdP yet and our partner will be providing one soon, but at this point I should be able to assign the access policy for the SP service to the virtual server. However, when I try to assign the access policy I'm told I need a rewrite profile: "saml virtual server requires rewrite profile with rewrite mode is portal for this assignment". This guide mentions nothing about needing a rewrite policy, so now I'm lost as I haven't had to configure one of these yet.

So I'm hoping someone out there has documented setting up a Service Profile in a real-world scenario, because this guide doesn't seem to answer all of my questions. Did I configure this correctly in that the virtual server the guide is telling me is for the https://spservice.domain.com site that external people will be connecting to? Or am I supposed to apply the SAML APM profile to my application that I want to be granting users access to?

So, it would be nice to just see a simple walkthrough of someone setting up SAML in a real-world scenario, just to figure out where I'm not quite understanding things.
