Forum Discussion

Slayer001
Sep 12, 2019

SAML SSO authentication via BIG-IP Edge Client for network access

We are trying to set up SAML authentication with one F5 APM as SP (network access VS) and another F5 APM serving as IdP.

The redirect towards the SAML logon page served by the F5 IdP is working. But when finishing the authentication steps on the IdP, the policy flow of the access policy for the VPN starts again and the network access tunnel is not started.

According to the operations manual of BIG-IP Edge Client it should be possible to do SAML SSO in web logon mode. Is it then also possible to start the tunnel after successful SAML authentication?

We are running version 13 of BIG-IP on both F5 APMs (the one running the network access VS and the one running the IdP VS).

3 Replies

  • Hi,

    Did you check SP logs after the SAML auth process in order to validate that authentication is well done...

    Can you confirm that you didn't forget to assign a full webtop in your advanced resource assign (with your NA)?

    First of all, you have to target the problematic part (VPN policy or SAML protocol).

    We are in the same situation as you and it works correctly (NA + SAML auth).

    Regards

  • Yes, we have assigned a full webtop in advanced resource assign.

    The SAML response from the IdP is also a success, with the SAML identity in the subject.

    After the SAML auth request we are redirected to the start of the VPN access policy, which is a decision box. We use a decision box at the start as this is a lab setup used for multiple purposes. I'll try to set up without a decision box and see if that works better, as I see this after the SAML auth request: xxx:8fa347d4: Executed agent 'xxx_act_saml_auth_ag', return value 3 ('Need User input'). Even before the SAML success response is received from the IdP.

  • Forgot to mention that we are trying with the BIG-IP Edge Client.

    Still the same issue after removing the decision box. The policy of the VPN is restarted at the exact moment that the SAML response from the IdP is sent. The response redirects the user to /saml/sp/profile/post/acs. Or should it be redirected to the webtop page?

    When I try the VPN in a browser like Firefox I'm successfully redirected in the browser to the full webtop where the network access is defined. Edge Client uses the WebBrowser control and doesn't show the webtop (or only very briefly) but normally starts the VPN automatically after successful authentication. In the WebBrowser control the SAML requests and responses can't be checked like in a normal browser.
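Added example, not part of the thread and not F5 code: a small Python checker for the SP-side points the replies raise (StatusCode is Success, the Subject carries a NameID, and the response is addressed to this SP's ACS URL and entity ID, within its validity window). The host names, entity IDs, timestamps and the sample response are constructed; only the /saml/sp/profile/post/acs path comes from the thread. It does not verify the XML signature, so it is a sanity check on a captured response, not a replacement for the SP's own validation.

```python
# Added example: SP-side sanity check of a SAML 2.0 Response.
# Signature verification is deliberately out of scope.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed SP values (hypothetical host and entity ID; only the ACS path is from the thread).
SP_ACS_URL = "https://vpn.example.com/saml/sp/profile/post/acs"
SP_ENTITY_ID = "https://vpn.example.com/f5-apm-sp"


def parse_saml_time(value):
    """Parse a SAML xs:dateTime such as 2019-09-12T10:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, expected_acs, expected_audience, now):
    """Return a list of problems; an empty list means the response passes these checks."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]

    dest = root.get("Destination")
    if dest is not None and dest != expected_acs:
        problems.append("Destination %r is not the SP ACS URL" % dest)

    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != STATUS_SUCCESS:
        problems.append("StatusCode is not Success: %r" % (code.get("Value") if code is not None else None))

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext saml:Assertion (missing or encrypted)")
        return problems

    # The thread checks that the SAML identity is present in the Subject.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject carries no NameID")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no SubjectConfirmationData")
    else:
        if scd.get("Recipient") != expected_acs:
            problems.append("Recipient %r is not the SP ACS URL" % scd.get("Recipient"))
        if scd.get("NotOnOrAfter") and parse_saml_time(scd.get("NotOnOrAfter")) <= now:
            problems.append("SubjectConfirmationData has expired")

    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and parse_saml_time(cond.get("NotBefore")) > now:
            problems.append("assertion is not yet valid (NotBefore in the future)")
        if cond.get("NotOnOrAfter") and parse_saml_time(cond.get("NotOnOrAfter")) <= now:
            problems.append("assertion has expired (NotOnOrAfter in the past)")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audiences and expected_audience not in audiences:
            problems.append("AudienceRestriction %r does not include this SP" % audiences)
    return problems


# Constructed sample response (unsigned, for illustration only).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  IssueInstant="2019-09-12T10:00:00Z" Destination="https://vpn.example.com/saml/sp/profile/post/acs">
  <saml:Issuer>https://idp.example.com/f5-apm-idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-09-12T10:00:00Z">
    <saml:Issuer>https://idp.example.com/f5-apm-idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://vpn.example.com/saml/sp/profile/post/acs"
          NotOnOrAfter="2019-09-12T10:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2019-09-12T09:55:00Z" NotOnOrAfter="2019-09-12T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://vnp.example.com/f5-apm-sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""".replace("vnp.example.com", "vpn.example.com")

NOW = datetime(2019, 9, 12, 10, 0, 30, tzinfo=timezone.utc)  # constructed "current" time


def check_constructed_samples():
    """Run the check on the constructed response and on a copy addressed to a different SP."""
    good = check_saml_response(SAMPLE_RESPONSE, SP_ACS_URL, SP_ENTITY_ID, NOW)
    other_sp = SAMPLE_RESPONSE.replace("https://vpn.example.com/saml/sp/profile/post/acs",
                                       "https://other.example.net/saml/sp/profile/post/acs")
    bad = check_saml_response(other_sp, SP_ACS_URL, SP_ENTITY_ID, NOW)
    return good, bad


if __name__ == "__main__":
    for label, result in zip(("constructed response", "response for another SP"), check_constructed_samples()):
        print(label, "->", result or "OK")
```

Paste a response captured from a browser session (the thread notes the Edge Client's WebBrowser control does not expose it) into SAMPLE_RESPONSE and set SP_ACS_URL and SP_ENTITY_ID to the SP's own values; a non-empty problem list points at the SP-side configuration rather than at the VPN policy flow.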