Juraj_314736
Jan 28, 2019Nimbostratus
F5 SAML SP for a portion of a website
Let's say I have the following setup:
- a website called
test.example.com
- an access policy called
with SAML Authtest_apol
If I assign the
test_apol
access policy to test.example.com
VIP, the entire test.example.com
becomes Service Provider (SP) and is protected by SAML Auth.
Can I, and if yes then how, place only a portion of the website, i.e. a selected list of HTTP Paths/URIs behind SAML Auth, instead of the entire website?
I.e. if
test.example.com/private
then SAML Auth, otherwise no restrictions.
Just from top of my head, I was thinking about placing an iRule Event in front of SAML Auth; and inside iRule do the filtering of which HTTP Paths/URIs I want to send to SAML for authentication, and which ones just straight to the back-end servers without any authentication:
However, I don't know whether this is the best approach to address my problem, or there is a better more elegant solution.
Any ideas, suggestions, recommendations to address this are much appreciated.