saml 2.0
2 Topics

Sending specific active directory groups as SAML attributes
This is a two part question. We are building out SSO with a new Service Provider (SP). The SP is looking for specific Active Directory group(s) that they will use to determine the user's role. The attribute we are passing is named "RoleName" and the value is %{session.ldap.last.attr.memberOf}. Is there a way we can send just the groups they need instead of sending all groups the user is a member of? How can everything after the first CN be stripped off? For example, if member of returns CN=abc group,CN=Users,DC=company,DC=com and you want to return just "abc group". We are running F5 Big-IP LTM and APM version 12.1.2.

724 Views, 0 likes, 1 Comment

APM Access Policy | SSLVPN | SAML auth questionnaires
Hello All, I had a conversation with the tech team; they are asking about APM login auth via SAML. We are deploying SSLVPN and we have specific EPS checks and MFA. I have confirmed that in such an approach we can't auth login via SAML, as it is at the end a web based auth for web services. Our deployment is based on edge client and we have a security posture to append. I'm totally aware of such a point, however we are in brainstorm mode here for such discussion. Does any expert have any update or idea here? It was long time no see, and I'm glad to return back delivering for the community. Thank you.

Solved, 175 Views, 1 like, 3 Comments