Forum Discussion
jamed_40076
Nimbostratus
Yes, SP-initiated.
The Access Policy is just:
Start -> SAML Auth -> Successful +> Allow
                   -> Fallback   +> Deny
The access profile is pretty much default, single domain, no domain cookie, secure cookie, no SSO configuration.
The Local SP Services is set up as follows:
Entity id: https://service.contoso.com/sp
Assertion Consumer Service Binding: Post
Security Settings: All checked
SP's Authentication Signing/Assertion Decryption Private Key: service.contoso.com.key
SP Certificate: service.contoso.com.crt
Same certificate used to encrypt the https://service.contoso.com Virtual Server.
I just used the ADFS template to create the SAML IDP Connector.
Thanks
jamed_40076
Nov 05, 2015 (Nimbostratus)
I found the issue. APM does not play nice with anything STREAM in the HTTP_RESPONSE (even when it wasn't doing anything). To fix it I added a rule (if {[HTTP::header value server] contains "/servicename/"}) so that it wouldn't fire during the APM response.