Rohit_Singla_17
Sep 28, 2017

RelayState Parameter Value for F5 (as IDP) initiated connection to Google Apps/Mail

Hello Experts,

 

I am trying to create a SAML SSO. Below are the details:

 

F5 is acting as IDP.

Google GSuite is acting as SP (we intend to use Gmail, Drive etc. from Google with auth by F5 APM).

When I try an IDP-initiated connection, i.e. click on the SAML SSO link published in Webtop, I am getting an error from Google, which says "The required response parameter RelayState was missing".

I have not configured any RelayState parameter in F5 under the SAML SP Connector configuration (rather, I don't know what to configure).

I tried to search a lot but am not getting a definitive working parameter to be used as relay state.

 

If anyone has got that working, please let me know how we can get this working, or what relay state parameter I shall use when using F5 as IDP and Google as SP, and the connection is IDP initiated.

 

    • Rohit_Singla_17

      Great, excellent to hear this. Do mark my post as the answer if you are satisfied with the answer ;)

       

    • Rohit_Singla_17

      It will be SP initiated, e.g. just go to mail.google.com and then it will take you to the APM policy.

       

      On the APM policy virtual server, we added the below iRule to make Gmail open seamlessly. The location in this iRule is the SAML resource for the GSuite.

       

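      ltm rule /Common/Auto-Launch {
          # After the access policy completes, redirect to the SAML resource for GSuite
          when ACCESS_POLICY_COMPLETED {
              ACCESS::respond 302 Location "/saml/idp/res?id=/Common/idp.uti.app/idp.uti_UTI_saml_resource_sso"
          }
          # Requests allowed through on an established session get the same redirect
          when ACCESS_ACL_ALLOWED {
              ACCESS::respond 302 Location "/saml/idp/res?id=/Common/idp.uti.app/idp.uti_UTI_saml_resource_sso"
          }
      }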

       

    • JayRob_328285

      Thanks again for your comments. To start the session, do I have to go to a specific URL?

       

      Or can I just go to accounts.google.com?