Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

F5 APM nameid management

In typical SSO environment, user accounts are maintained by IdP. Many service providers also maintain a local database of active users. They map nameid coming as part of SAML assertion from IdP to a user in local database to allow access.

We have integrated such service providers to keep users in sync (typical csv file integration).

Some SPs (for e.g dropbox) create account on the fly in local database when a users logs in for the first time. Only way a user log in is via IdP, it is considered safe. However, each of these SP provide a mechanism using which we periodically delete inactive accounts.

We have successfully configured F5 APM/LTM as SAML Service Provide (SP). And, we are using create nameid option. The question is where does these nameid gets created in F5? And, how one manage these (i.e delete accounts not used for a while)?

Would highly appreciate if someone could shed some light on this.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Manish,

I've looked through F5's documentation, and I don't think that there's a way to view/edit nameid. My best guess would be that APm doesn't log inactive/active accounts, or else APM prunes anything it creates by itself, as F5 has no documentation on deleting unused service accounts. Maybe I just haven't looked hard enough but that's my take.

Best of luck,

Austin

0
Comments on this Answer
Comment made 3 weeks ago by Manish 01 10

Hi Austin,

Yes, that seems to be the case. i.e. APM does its own nameid management and deletes it after some time.

I posed the same question to our SE and above was the answer I got. Good, one fewer thing to worry about.

Thanks a ton for looking into it.

Manish

1