F5 big-ip vpn saml implementation with 2factor

Ewing, Bill BEwing at utsystem.edu
Fri Dec 18 18:07:21 EST 2015

We have been using the saml service provider setup on our F5 big-ip vpn with various campus's IDP's configured so they can login with their credentials. We are needing to enable 2factor with DUO on those f5 vpn connections and was wondering if anyone has experience with setting up the F5 big-ip vpn running as a saml sp to request a specific authcontext or AuthContextClassRef and set the value to our specifc one for 2factor that our campus shibboleth servers are all configured with.

We are all pretty much on the same setup of shibboleth idp 2.5.4, mcb 1.2.5 and the latest duo mcb plugin cant recall version atm. "we've been told in the past custom relying party's to request a specific authcontext was not workable in v2x. our deadline for this solution would be before all our campus's could all get to idp v3 as well.

We saw reference of this maybe being an enabled feature of v12 of f5 but have not gotten verification if this was the case.

If anyone has gotten this to work I would appreciate any input that you could give or likewise if this is a non workable solution at this time that as well.



More information about the users mailing list