Forum Discussion
kj07208_118528
May 08, 2014 · Cirrus
The RelayState is to carry additional information that the IDP has specified. I'm running into the same issue. If you start from the SP it all works, but if you want to start from the IDP it's a lot trickier. There are a couple of answers on DevCentral, but you have to use an iRule. Sorry, I can't remember the direct article.
If they establish a session to the webtop, then you can link to the IDP as follows: https://myfed.corp.com?saml_res=xyz (use the logs to get this information). I'm about to try this using NTLM so the sign-on is seamless, and try the links that I stated above.
- Rabbit23_116296 · May 08, 2014 · Nimbostratus
  Yes, NTLM works great - I have an NTLM SSO solution https://devcentral.f5.com/s/articles/ntlm-integrated-sso-for-saml-with-the-apm-module-and-an-external-logon-page which works well for me, but I'd advise you to try Michael's - he really did an amazing job with his implementation and it's entirely native to the appliance - https://devcentral.f5.com/s/articles/leveraging-big-ip-apm-for-seamless-client-ntlm-authentication Let me know how it goes for you!