Layer7 Access Management

Expand all | Collapse all

Query: WNA configuration for SAML based application

Jump to Best Answer
  • 1.  Query: WNA configuration for SAML based application

    Posted 04-01-2016 07:06 AM

    Hi all,

     

    We have a setup where we have configured WNA for web application. The tricky thing in this is instead of the basic pop-up, which comes up when user accesses the application from another network/internet, we have configured a custom login page. We have followed the solution explained in this link - Windows IWA Failover to HTML Form Login.docx

     

    Now, the requirement is to enable the WNA for SAML based applications, but we can't install/configure the CA Option Pack on Windows 2008 IIS server. Hence, we have to redirect the request to our IDP and then to WNA machine where we have protected the redirect.jsp.

     

    Flow is -

    user accesses SP app - request comes to IDP - IDP redirects user to redirect.jsp that is protected by form authentication scheme on Windows server - request goes to the CA addon in the above link on windows machine -  user is authenticated by kerberos token

    else

    the form login is displayed.

     

    Do you find any problem with the above solution ? Can anyone suggest a better solution to perform this integration?

    Any help/pointer is appreciated.

     

    Thanks



  • 2.  Re: Query: WNA configuration for SAML based application

    Posted 04-05-2016 09:34 AM

    Experts,

    Any pointers/suggestions around this?

    TIA.



  • 3.  Re: Query: WNA configuration for SAML based application
    Best Answer

    Posted 08-17-2016 05:19 PM

    Hi AbhishekK,

     

    I see no problems with the proposed request flow.  It appears to be a standard SP-initiated request flow, and any regular (non-SAML) auth scheme can be used to protect the Authentication URL (redirect.jsp), so I don't see anything out of the ordinary here.

     

    -Pete