Global profile, shared auth and idp initiated saml

Question

I am fighting a problem with idp initiated SAML on the F5. The scenario is this:
use logs into a website through APM generating an active APM session.
The user then clicks a link sending them to the VIP being used for idp initiated SAML without the webtop. The access policy in the idp SAML APM profile does not run at all, preventing the assertion from being generated and the user being redirected to the vendor site.&nbsp;
The SAML VIP and policy work as desired when accessed directly and no preexisting session is present. SP initialed SAML works fine with the above scenario.&nbsp;
all relevant APM profiles are using global scope and have the same domain cookie configured.&nbsp;
TMOS is v12.0.0 HF1&nbsp;
I'm sure someone else has done something like this...&nbsp;

gpisciotta_3362 · Answer

The way I was attacking this would never work due to how the APM handles IDP initiated SAML. However,this was resolved. Thanks Graham, Chris and Marc @F5.&nbsp;

Forum Discussion

Global profile, shared auth and idp initiated saml

1 Reply

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

GITEX Global 2023 in Dubai - DevCentral Visits

Global Log Receiver

SSL Profiles

Server Profile SNI