Forum Discussion
steirtet
Nimbostratus
Hi,
Thanks for the answer, but this iRule retrieves the username/password without using SAML. The problem with SAML is that it uses redirects between the SAML SP and the SAML IdP. In this case, redirects are not supported and not allowed. The problem remains: how to solve this via an iRule?
Thierry
Gabriel_V_13146
Sep 09, 2014
Cirrus
Hi,
There are several SAML profiles (options for how to use the SAML messages). F5 supports the WebSSO profile - thus redirect/post SAML messages between SP and IdP. So it's not really clientless.
I don't know if it helps, but just an idea -
If your SP can consume a SAML assertion, you could use 'IdP-initiated' SSO, so you can let F5 send the LoginResponse directly without any request. That can be done by setting up a webtop with SAML connectors. In that case the APM will expose links (I don't recall the exact URL, see the links which are bound to the webtop links) sending a SAML response to the SP. And as a login action your application just sends the user to the exposed IdP link.
Have fun
Gabriel
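Added example, not part of either post and not F5 or APM code: with IdP-initiated SSO the SP receives a response it never requested, so it has no request ID to match and must rely on the checks sketched below. The entity IDs, ACS URL, sample message and function names are constructed for illustration; XML signature verification is assumed to happen before this step and is not shown.

```python
import xml.etree.ElementTree as ET  # for untrusted input use a hardened parser such as defusedxml
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample of an unsolicited (IdP-initiated) response; signature omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1"
  Destination="https://sp.example.com/acs">
 <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Conditions NotBefore="2014-09-09T10:00:00Z" NotOnOrAfter="2014-09-09T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""

def _ts(value):  # SAML timestamps are UTC, e.g. 2014-09-09T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_unsolicited(xml_text, idp_entity_id, sp_entity_id, acs_url, now, seen_ids):
    """Return a list of problems; an empty list means the structural checks passed.
    seen_ids is the SP's replay cache of assertion IDs already consumed."""
    problems = []
    resp = ET.fromstring(xml_text)
    if resp.tag != "{%s}Response" % NS["p"]:
        return ["not a samlp:Response"]
    if resp.get("InResponseTo"):  # an unsolicited response must not carry one
        problems.append("InResponseTo present on an unsolicited response")
    if resp.get("Destination") != acs_url:
        problems.append("Destination does not match ACS URL")
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no assertion"]
    if assertion.findtext("a:Issuer", default="", namespaces=NS).strip() != idp_entity_id:
        problems.append("unexpected issuer")
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if sp_entity_id not in audiences:
        problems.append("audience restriction does not name this SP")
    cond = assertion.find("a:Conditions", NS)
    end = cond.get("NotOnOrAfter") if cond is not None else None
    if not end or now >= _ts(end):
        problems.append("assertion expired or has no NotOnOrAfter")
    elif cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
        problems.append("assertion not yet valid")
    aid = assertion.get("ID")
    if not aid or aid in seen_ids:  # replay is the main risk without a request to bind to
        problems.append("assertion ID missing or replayed")
    else:
        seen_ids.add(aid)
    return problems
```

The replay cache only needs to hold an ID until that assertion's NotOnOrAfter has passed.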