Difference between revisions of "F5 Implementation"

From GFIPM Implementation Wiki

Revision as of 16:38, 2 February 2015

About

This page enumerates some outstanding issues using F5 as a SAML Service Provider within NIEF.

Issues

Be aware that some of these issues may eventually be fixed; we will try to update this list as fixes occur.

SAML Metadata / Importing New Entities

  • If the SAML entity supports multiple certificates, F5 is likely to work with only one of them (and it is not likely to be clear which certificate it is using). The metadata should likely be reduced to specify only a single certificate prior to importing.
  • F5 may not parse out the SSO bindings correctly when determining what URL to use for SAML SSO (specifically, it will try to use the Shibboleth endpoint for a default Shibboleth IDP metadata file instead of the SAML endpoint). At a minimum, review the endpoint URL for correctness when importing.
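
A pre-import check for the two metadata issues above, as an added example (not part of the original wiki page and not F5 tooling). The function name, the sample entity and its URLs are constructed for illustration; the script only reads the metadata and reports what to fix or compare by hand.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample (not a real entity): two signing certificates and a
# Shibboleth 1.x SSO endpoint listed next to the SAML 2.0 endpoints.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED-CERT-A</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED-CERT-B</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def review_idp_metadata(xml_text):
    """Return (findings, saml2_sso_urls) for the first IDPSSODescriptor."""
    idp = ET.fromstring(xml_text).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = {(c.text or "").strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS)}
    endpoints = [(e.get("Binding", ""), e.get("Location", ""))
                 for e in idp.findall("md:SingleSignOnService", NS)]
    saml2 = [loc for b, loc in endpoints if b.startswith(SAML2_BINDING_PREFIX)]
    other = [loc for b, loc in endpoints if not b.startswith(SAML2_BINDING_PREFIX)]
    findings = []
    if len(certs) > 1:
        findings.append("%d signing certificates: reduce to one before import" % len(certs))
    for loc in other:
        findings.append("non-SAML2 SSO endpoint present: " + loc)
    if not saml2:
        findings.append("no SAML 2.0 SSO endpoint found")
    return findings, saml2


if __name__ == "__main__":
    findings, saml2_urls = review_idp_metadata(SAMPLE_METADATA)
    for finding in findings:
        print("WARN", finding)
    for url in saml2_urls:
        print("compare imported SSO URL against:", url)
```

After importing, the SSO URL configured on the F5 should match one of the SAML 2.0 locations the script prints, not the Shibboleth one.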

Unsolicited SSO (aka IDP Initiated SSO)

F5 either does not support unsolicited SSO (as it requires a cookie specifying which IDP handler to process a given assertion with prior to processing it).

SAML Redirect Binding

F5 currently does not support the SAML Redirect Binding. F5 is working on an outstanding bug for this, so a hotfix may be available soon.