Need help filling in the missing pieces for my SAML SP to LDAP Query scenario.
Let me start off by saying that I am pretty new to administering the F5 APM and F5 technology in general. With that being said, here is what I'm trying to accomplish:
I am trying to set up new external portal access. The way we would like this to work would be to have the F5 APM set up as a SAML SP that authenticates against our corporate IdP with the users' AD credentials. The user would then be returned to a Dynamic Webtop displaying what the user has access to based on an LDAP query, and SSO would then allow the users access to those resources. I have most of it set up already, but I believe I am having an issue with passing the username over to the LDAP Query in the correct format. Here is how my access policy looks so far:
I believe I need a Variable Assign after SAML Auth splitting the domain from the username. The format for the logon is Domain\Username. That should work, as we purposefully have our AD usernames and LDAP usernames in the same format. I'm just not sure what the Variable Assign should contain. I believe it should be pulling from "session.saml.last.identity" to get the username information, but how do I get it to split the domain from the username?
I am also not sure if the SSO Credential Mappings item is correct. It is currently set up with SSO Token Username set to Username from Logon Page, but I'm not sure what the custom attribute should be.
If someone could please help me out filling in the missing pieces here and maybe show me some examples, I would appreciate it.
Thanks,
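Added example (editor's illustration, not part of the original post or an answer from the thread): APM Variable Assign custom expressions are Tcl, and session variables are read with `[mcget {...}]`. The script below is a stand-alone Tcl harness that reproduces that environment with a constructed `session` array and a stand-in `mcget` proc, so the exact expression you would paste into a Variable Assign item for `session.logon.last.username` can be tested off-box against `Domain\Username`, a bare username, and an empty identity. The assumption it makes about your policy (not confirmed by the post) is that the SAML identity is exactly `Domain\Username`; whether populating `session.logon.last.username` is enough for your downstream LDAP Query filter and the SSO Credential Mapping "Username from Logon Page" setting depends on how those items are configured.

```tcl
# Constructed sample session data, standing in for the APM session store.
# In a real policy, session.saml.last.identity is set by the SAML Auth item.
array set session {
    session.saml.last.identity {CORP\jdoe}
}

# Stand-in for APM's mcget: return the named session variable, or "" if unset.
proc mcget {name} {
    global session
    if {[info exists session($name)]} {
        return $session($name)
    }
    return ""
}

# Variable Assign, custom expression for session.logon.last.username.
# The expression body as it would be pasted into the APM item is:
#   expr { [lindex [split [mcget {session.saml.last.identity}] "\\"] end] }
# "end" (rather than index 1) keeps a bare username without a backslash intact.
proc saml_username {} {
    return [expr { [lindex [split [mcget {session.saml.last.identity}] "\\"] end] }]
}

# Companion expression for session.logon.last.domain; "" when there is no prefix.
# As an APM custom expression:
#   expr { [llength [split [mcget {session.saml.last.identity}] "\\"]] > 1 ?
#          [lindex [split [mcget {session.saml.last.identity}] "\\"] 0] : "" }
proc saml_domain {} {
    set parts [split [mcget {session.saml.last.identity}] "\\"]
    if {[llength $parts] > 1} {
        return [lindex $parts 0]
    }
    return ""
}

# Exercise the expressions against the cases a policy would actually see.
foreach identity [list {CORP\jdoe} {jdoe} {}] {
    set session(session.saml.last.identity) $identity
    puts [format "identity=%-12s domain=%-6s username=%s" \
        "'$identity'" "'[saml_domain]'" "'[saml_username]'"]
}
```

With `session.logon.last.username` populated this way, an LDAP Query item can reference it in its filter (for example `sAMAccountName=%{session.logon.last.username}`), and the SSO Credential Mapping's "Username from Logon Page" default picks up the same variable; both are assumptions about this policy, not something the post confirms.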