Shibb for Global Protect VPN?

Nathan Dors dors at
Thu Jan 21 20:04:33 UTC 2021

UWash uses F5 VPN configured to use SAML to integrate with our Shibboleth

The F5 BIG-IP Edge client applications use embedded browsers, and work well
enough with our IdP's sign-in page (below), including Duo prompt (not
pictured below).

Our end user information is here:


[image: Screen Shot 2021-01-21 at 11.58.42 AM.png]

On Thu, Jan 21, 2021 at 11:43 AM IAM David Bantz <dabantz at> wrote:

> UAlaska has deployed VPN access using Global Protect. If I understand
> correctly, VPNs are (or can be) initiated in a web portal. If so, seems one
> could protect that web page with Shibb and thus have a valid SSO session
> immediately upon establishment of VPN connection (at least if IP address
> consistency is not enforced). I’ve been asked about that scenario by alert
> users. Has anyone tried that and willing to share experience? Or perhaps
> disabuse me of its feasibility?
> David St. Pierre Bant
> UAlaska IAM
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2021-01-21 at 11.58.42 AM.png
Type: image/png
Size: 578251 bytes
Desc: not available
URL: <>

More information about the users mailing list