This configuration supports:
When you want to use Access Policy Manager as a SAML IdP and must support connections that start at the IdP or at service providers, you need to meet these configuration requirements:
A SAML IdP service is a type of single sign-on (SSO) authentication service in Access Policy Manager (APM). When you use a BIG-IP system as a SAML identity provider (IdP), a SAML IdP service provides SSO authentication for external SAML service providers (SPs). You must bind a SAML IdP service to SAML SP connectors, each of which specifies an external SP. APM responds to authentication requests from the service providers and produces assertions for them.
A SAML service provider connector (an SP connector) specifies how a BIG-IP system, configured as a SAML identity provider (IdP), connects with an external service provider.
You can use one or more of these methods to configure SAML service provider (SP) connectors in Access Policy Manager.
Setting up a BIG-IP system as a SAML identity provider (IdP) involves two major activities:
This flowchart illustrates the process for configuring a BIG-IP system as a SAML identity provider (IdP) that provides an SSO portal.
When the RelayState parameter is already part of the authentication request to the BIG-IP system, APM returns the value that was sent in the request. Otherwise, APM uses the value from this configuration.
You associate the access profile with the virtual server so that Access Policy Manager can apply the profile to incoming traffic.