Forum Discussion

Ziga_Jakhel_139
Jul 09, 2014

SAML IdP - Error 504

Hi!

When trying to do federated login from ADFS to BigIP as IdP, I am getting a 504 response from the BigIP.

Process:

1) I log into my web app, which redirects to ADFS.
2) On the ADFS, I choose the Home realm (BigIP).
3) Redirect to BigIP /saml/idp/profile/redirectorpost/sso
4) Redirect to BigIP /my.policy
5) Log in; I see AD login successful and session variables assigned.
6) Response from my.policy carries a POST form.
7) POST request submitted to BigIP /saml/idp/profile/redirectorpost/sso
-- response is 504 with no content.

I am new to APM, so I may not really know where exactly to look; however, browsing both APM reports and System logs turned up nothing useful or indicative.

 

1 Reply

OK, solved this on my own :)

APM reports are pretty tight with useful information; however, the APM logs available in /var/log/apm give an abundance of information.

In my case, these were the hurdles to jump when getting the BigIP IdP to play with the ADFS 3.0 SP:

1) BigIP External SP Connector:
   Security Settings / Authentication Request sent to this device by SP / Will be signed: NO
   Security Settings / Assertion sent to SP by this device: Must be signed, or must be encrypted, or both. Certificate settings: use the ADFS Token Decryption/Encryption certificate.
   Endpoint Settings / Relay state needs to be filled: https:///adfs/ls/

2) BigIP IdP service: add a UPN claim. ADFS requires it, else it will refuse to work.

3) ADFS Claims Provider trust (advanced): use the SHA-1 algorithm for hashing.

Hope this helps anybody else on this path...

Regards,

Z
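As an added troubleshooting aid, not part of the original thread and not F5 or Microsoft code: a small Python checker for the SAML Response the BIG-IP posts to ADFS in step 6/7 above. Take the base64 `SAMLResponse` value from that POST form (browser dev tools or SAML tracer), decode it, and run the three checks the reply lists: the assertion is signed or encrypted, a UPN claim is present, and the signature algorithm matches what the ADFS claims provider trust is configured to expect. The hostnames `bigip.example.com` and `adfs.example.com` and the sample response it builds are constructed for the example; the ADFS entity ID form `http://<host>/adfs/services/trust` is the ADFS default. The script only inspects structure; it does not verify the signature cryptographically.

```python
"""Structural pre-flight check of a BIG-IP APM IdP SAML Response destined for an
ADFS claims provider trust. Added example; hostnames and sample data are constructed."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Hypothetical ADFS entity ID (ADFS default form is http://<host>/adfs/services/trust).
ADFS_ENTITY_ID = "http://adfs.example.com/adfs/services/trust"


def decode_saml_response(form_value):
    """Decode the base64 SAMLResponse form field captured from the POST in step 6/7."""
    return base64.b64decode(form_value).decode("utf-8")


def check_response(xml_text, expected_audience):
    """Return a dict of findings about the assertion's signing/encryption, UPN and audience."""
    root = ET.fromstring(xml_text)
    findings = {}
    assertion = root.find("saml:Assertion", NS)
    findings["assertion_encrypted"] = root.find("saml:EncryptedAssertion", NS) is not None
    if assertion is None and not findings["assertion_encrypted"]:
        findings["error"] = "no Assertion or EncryptedAssertion in Response"
        return findings
    sig = assertion.find("ds:Signature", NS) if assertion is not None else None
    findings["assertion_signed"] = sig is not None
    findings["signed_or_encrypted"] = findings["assertion_signed"] or findings["assertion_encrypted"]
    if sig is not None:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        findings["signature_algorithm"] = method.get("Algorithm") if method is not None else None
    if assertion is not None:  # attributes are only visible in a plaintext assertion
        names = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
        findings["has_upn_claim"] = UPN_CLAIM in names
        audiences = [a.text for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
        findings["audience_ok"] = expected_audience in audiences
    return findings


def problems(xml_text, expected_audience, expected_algorithm):
    """Map findings onto the hurdles from the thread; empty list means all checks passed."""
    f = check_response(xml_text, expected_audience)
    out = []
    if "error" in f:
        return [f["error"]]
    if not f["signed_or_encrypted"]:
        out.append("assertion is neither signed nor encrypted")
    if f["assertion_signed"] and f["signature_algorithm"] != expected_algorithm:
        out.append("signature algorithm %s does not match trust setting %s"
                   % (f["signature_algorithm"], expected_algorithm))
    if f.get("has_upn_claim") is False:
        out.append("UPN claim missing")
    if f.get("audience_ok") is False:
        out.append("audience does not match ADFS entity ID")
    return out


def sample_response(signed=True, with_upn=True, algorithm=RSA_SHA1):
    """Constructed sample Response (dummy SignatureValue) so the checker runs offline."""
    sig = ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
           '</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>'
           % (NS["ds"], algorithm)) if signed else ""
    upn = ('<saml:Attribute Name="%s"><saml:AttributeValue>jdoe@example.com'
           '</saml:AttributeValue></saml:Attribute>' % UPN_CLAIM) if with_upn else ""
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
        '<saml:Issuer>https://bigip.example.com/idp</saml:Issuer>'
        '<saml:Assertion ID="_a1" Version="2.0">'
        '<saml:Issuer>https://bigip.example.com/idp</saml:Issuer>%s'
        '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '<saml:AttributeStatement>%s</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
        % (NS["samlp"], NS["saml"], sig, ADFS_ENTITY_ID, upn)
    )


if __name__ == "__main__":
    encoded = base64.b64encode(sample_response().encode()).decode()
    print(problems(decode_saml_response(encoded), ADFS_ENTITY_ID, RSA_SHA1))
    print(problems(sample_response(signed=False, with_upn=False), ADFS_ENTITY_ID, RSA_SHA1))
```

The algorithm check only reports a mismatch between what the IdP signs with and what the claims provider trust expects. SHA-1 is deprecated for XML signatures, so where both the BIG-IP SP connector and the ADFS trust can be set to SHA-256, matching them there is the better fix than downgrading the ADFS side.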