Zdenda
Feb 09, 2018

SAML server SSO

Hi, F5 v12.1.2 works well as a SAML SP, but I am not sure how to handle server SSO (so the server does not ask the user for credentials).

 

I understood from other posts that F5 has to act as IdP for the frontend server, which is the SP, to handle server SSO (standard server SSO methods like form-based/basic/NTLM cannot be used as F5 has no password).

 

So should I just create a SAML IdP config with some dummy IdP Entity ID (URL) and then use it in the SSO configuration, insert the "SSO Credential Mapping" box in VPE, and configure the web frontend to use F5 as SAML IdP?

 

I guess I need to forward some attributes to the web frontend, but I'll hopefully sort that out in the IdP configuration.

 

Thanks, Zdenek

 

1 Reply

  • Hi, if you are using SAML SP in your APM configuration, you have few options to do SSO. This is because you don't have a password to cache.

    Probably your best one is to configure Kerberos, as you can use KCD to raise tickets on behalf of the client. Maybe the IdP can send you the password in an encrypted attribute and then you can make use of that, but in my opinion I don't like passwords traveling around; it breaks the beauty of SAML.