SAML configuration with LTM exposed app

Question

Dear all,I need to expose an internal web application from my BigIP but I don't want to expose directly the application logon page. The developer said to me that it can support SAML so I was thinking to implement it on my F5. I don't understand what is the best configuration I can use, do I need both IDP and SP configured on the BigIP? Because if I configure it only as IDP the users need to access the application homepage before being redirected to the IDP, am I wrong? &nbsp;Thank you in advance&nbsp;Luca

dave_w · Answer

Hello Luca, this depends. In this use case it does sound like APM would be the SP. You could have the APM be both the IdP and SP (or use an external IdP). Regarding your last question, no, typically SAML can be SP or IdP initiated. So they could go to the App (SP) first or the IdP first.

Here is some more info:

https://www.youtube.com/watch?v=WdRJZ5BnZug

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/29.html

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/30.html

Forum Discussion

SAML configuration with LTM exposed app

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Protect an application exposed on Internet with F5 XC WAAP

Exposed HF API tokens, Hacks, MS news-Dec 3-10 2023-F5 SIRT-This Week in Security

Enable SAML Service Provider on F5 Distributed Cloud Application

BIG-IP BGP Routing Protocol Configuration And Use Cases

Configuration Example: BIG-IP APM as SAML IdP for Amazon Web Services