Forum Discussion

JoeTheFifth
Mar 08, 2017

BigIP as IDP ADFS v3 as SP

Hi Guys,

 

It's been a long time since I've played with my bigip ve. I tried to configure a federation setup today but hit a wall :-)

The setup: BigIP as IDP => ADFS (2012 R2) as SP
Access Policy => Login => Ldap Auth => Success => Allow

I created a saml IDP.
I created an external SP from the adfs metadata file.
Imported certificates.
Linked the Idp to the SP.
Created a Saml SSO profile.

I used this link to do the setup: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-saml-config-guide-11-3-0/3.html

 

I'm using version 12.1.2.0.0.249 (evaluation)

 

I imported the bigip idp metadata file into the adfs server. Now when I try to access my app I'm redirected and I get the adfs login page. I choose F5 and I'm redirected to the bigip login page. I enter user and pass and get a page not found. The apm log shows this:

 

Mar 4 10:36:32 bigipv12 err tmm[11344]: 014d0002:3: 9a037651: SSOv2 Error: No SP Connector attached to SAML SSO from assigned SAML resources matching authentication request. If ACS URL is present in authentication request it should match ACS URL from SP Connector. If Issuer is present in authentication request it should match entity_id from SP connector.
Mar 4 10:36:32 bigipv12 err tmm[11344]: 014d0002:3: 9a037651: SSOv2 Error(16) Unable to find SAML SSO/SP Connector object matching SAML Authn Request
Mar 4 10:36:32 bigipv12 err tmm[11344]: 014d0002:3: 9a037651: SSOv2 Error(16) Abort reason: Error in decompression callback

 

2 Replies

  • I got inspired by my own question !! I checked the access profile and it was set to Authentication. I created another one and chose type 'ALL LTM-APM'. Now I get redirected to adfs. I still get an error but the redirection is working.

     

    • JoeTheFifth

      The second error was a certificate error caused by a datetime mismatch between bigip and adfs server. Everything is working now as expected.
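
The SSOv2 error quoted in the question says the Issuer and ACS URL in the authentication request must match the SP connector's entity_id and ACS URL. As an added example (not part of the thread, and not F5 or ADFS code), the Python below decodes a SAMLRequest captured from a redirect and compares those two values. It assumes the SP sends the request with the HTTP-Redirect binding; the URLs, entity IDs and the `build_sample_url` helper are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    # The redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")

def check_against_connector(xml_text, entity_id, acs_url):
    """List mismatches between the request and the SP connector settings."""
    # ElementTree is fine for requests from your own lab; use a hardened
    # parser such as defusedxml for XML from untrusted sources.
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    acs = root.get("AssertionConsumerServiceURL")
    problems = []
    if issuer and issuer != entity_id:
        problems.append(f"Issuer {issuer!r} != connector entity_id {entity_id!r}")
    if acs and acs != acs_url:
        problems.append(f"ACS URL {acs!r} != connector ACS URL {acs_url!r}")
    return problems

def build_sample_url(issuer, acs):
    """Constructed AuthnRequest, encoded the way a redirect-binding SP would."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" ID="_constructed1" Version="2.0" '
           f'IssueInstant="2017-03-04T10:36:30Z" '
           f'AssertionConsumerServiceURL="{acs}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    param = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})
    return "https://idp.example.test/sso?" + param  # placeholder IdP URL

if __name__ == "__main__":
    sp_issuer = "http://adfs.example.test/adfs/services/trust"
    sp_acs = "https://adfs.example.test/adfs/ls/"
    request_xml = decode_redirect_request(build_sample_url(sp_issuer, sp_acs))
    # Connector entity_id entered with a stray trailing slash: exact match fails.
    for line in check_against_connector(request_xml, sp_issuer + "/", sp_acs):
        print(line)
```

Both comparisons are exact string matches, so a trailing slash or an http/https difference in the connector is enough to produce a mismatch.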