ADFS Proxy without password
Hello!
When an SP-initiated federation is initiated and the user gets to BIGIP APM, you normally use a Logon page and send their credentials to ADFS with a "forms client initiated SSO".
But imagine a scenario where your users are authenticated through a "SAML Auth"; BIGIP only has access to their username. When BIGIP tries to pass credentials with forms client initiated SSO, this fails because BIGIP is unaware of the password and is therefore redirected to the ADFS form-based login page.
Is there any workaround for this? One workaround is to throw up a logon page after a successful SAML auth, but I need a passwordless logon for my purposes.
Regards,
Johan
I figured it out. You need to configure a new claims provider (in this case BankID) and make it available to the RPs. Then you need to make BIGIP choose whether to use the new CP or Active Directory with an iRule.