SSO integration using F5 URI Rewrite
Hi,
We have recently implemented a SSO solution using SAML 2.0 which leverages F5 LTM to redirect requests to Service provider based on IDP posting URI. Please be advised that Pega is the SP application.
Here is how the flow works,
- User logs in to the IDP application and initiates a request to access the service provider
- IDP generates an assertion and posts the request
- F5 uses URI rewrite to look for the posting URI and, if it contains a specific keyword, redirects the request to the SP application for authentication and launching the application.
- The URI rewrite also ensures the URL is masked to show the IDP application domain (e.g. https://www.portal.com) rather than the SP Pega domain (https://www.pegahostUrl/prweb/)
That said, we would like to hear feedback on this solution from this community and also be advised of challenges anyone faced going down this route.
*IDP - Identity Provider, SP - Service Provider
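The routing and masking described in the flow above, written out as an added F5 iRule example; this is not the poster's configuration. The pool name, the keyword, the portal and Pega paths, and the host names other than those quoted in the post are assumptions.

```tcl
# Added example iRule (hypothetical): route the IDP's SAML POST to the Pega SP
# and keep the portal host name visible to the browser.
when HTTP_REQUEST {
    # Match only the SAML POST binding on the expected path, not any URI that
    # merely contains the keyword, so unrelated requests are never sent to Pega.
    # "/saml/KEYWORD" and the Pega ACS path below are placeholders.
    if { [HTTP::method] equals "POST" && [HTTP::path] starts_with "/saml/KEYWORD" } {
        # Pega must see its own host name and context path (/prweb/).
        HTTP::header replace Host "www.pegahostUrl"
        HTTP::uri "/prweb/PLACEHOLDER_PEGA_ACS_PATH"
        # pool name is an assumption
        pool pega_sp_pool
    }
}

when HTTP_RESPONSE {
    # Pega answers with redirects and cookies that name its own host; rewrite
    # them so the browser stays on https://www.portal.com (the masking step).
    if { [HTTP::header exists "Location"] } {
        HTTP::header replace Location [string map \
            {"https://www.pegahostUrl/prweb" "https://www.portal.com"} \
            [HTTP::header Location]]
    }
    # Cookies scoped to the Pega host would be dropped by the browser on the
    # portal domain; rescope them to the visible domain.
    foreach cookie [HTTP::cookie names] {
        if { [HTTP::cookie domain $cookie] equals "www.pegahostUrl" } {
            HTTP::cookie domain $cookie "www.portal.com"
        }
    }
}
```

Note that the SP's configured ACS URL and the assertion's Destination must still agree with the request as Pega receives it after the rewrite, or Pega will reject the assertion.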