Juraj_314736
Jan 28, 2019

F5 SAML SP for a portion of a website

Let's say I have the following setup:

  • a website called test.example.com
  • an access policy called test_apol with SAML Auth

If I assign the test_apol access policy to test.example.com VIP, the entire test.example.com becomes Service Provider (SP) and is protected by SAML Auth.

Can I, and if yes then how, place only a portion of the website, i.e. a selected list of HTTP Paths/URIs behind SAML Auth, instead of the entire website?

I.e. if test.example.com/private then SAML Auth, otherwise no restrictions.

Just off the top of my head, I was thinking about placing an iRule Event in front of SAML Auth, and inside the iRule doing the filtering of which HTTP Paths/URIs I want to send to SAML for authentication, and which ones go straight to the back-end servers without any authentication:

However, I don't know whether this is the best approach to address my problem, or whether there is a better, more elegant solution.

Any ideas, suggestions, recommendations to address this are much appreciated.
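
The path filter described in the post, modelled as an added example in Python (not code from the original post, and not iRule syntax): it decides per request whether SAML Auth applies, canonicalising the path first so that differently spelled forms of /private get the same decision. The names `PROTECTED_PREFIXES`, `canonical_path` and `requires_saml` are hypothetical, and it assumes the back end URL-decodes paths and treats them case-insensitively.

```python
from posixpath import normpath
from urllib.parse import unquote

# Assumption: the only protected prefix is the one named in the post.
PROTECTED_PREFIXES = ("/private",)
MAX_DECODE_PASSES = 3


def canonical_path(raw_uri: str) -> str:
    """Reduce a request URI to one comparable path form."""
    # Drop query string and fragment; only the path drives the decision.
    path = raw_uri.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so nested percent-encoding is fully unwrapped.
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after repeated decoding")
    path = path.replace("\\", "/")
    # Collapse duplicate slashes and dot segments, then fold case.
    path = normpath("/" + path.lstrip("/"))
    return path.lower()


def requires_saml(raw_uri: str) -> bool:
    """True when the request must go through SAML Auth."""
    try:
        path = canonical_path(raw_uri)
    except ValueError:
        return True  # fail closed: a path we cannot canonicalise is protected
    # Match on a segment boundary so /privateer is not treated as /private.
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample request URIs, not taken from the post.
    samples = [
        "/private/report?id=1",
        "/PRIVATE/x",
        "/public/%2e%2e/private",
        "//private/x",
        "/public/index.html",
        "/public?next=/private",
    ]
    for uri in samples:
        print(f"{uri:28} -> {'SAML Auth' if requires_saml(uri) else 'no auth'}")
```

Whatever enforces the filter in front of the back end has to compare the same canonical form the back end will serve; otherwise the two can disagree about which requests are under /private.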