F5 Big-Ip

Big-Ip VPN Configuration (SAML)

Before starting, we assume that the Standard Network Configuration of Big-Ip has already been done. Make sure you have a functional VPN.

Note: For Web Portal authentication, the VPN config must include the Full Webtop Mode.

First of all, in the Trustelem app settings, enable the authentication method you want to use.

Big-Ip Configuration

  • In the main tab, click on Access > Federation > SAML Service Provider > Local SP Services

    • Click on Create

    • Give a name to your Service Provider and, in the Entity ID field, put your Virtual Server’s external IP

    • Click on Ok

  • In the main tab, click on Access > Federation > SAML Service Provider > External IdP Connectors

    • Download the metadata

    • Click on the arrow on the right of Create and select From Metadata

    • Click on Browse, select the previously downloaded metadata file and give a name to your IdP

    • Click on Ok

  • In the main tab, click on Access > Federation > SAML Service Provider > Local SP Services

    • Select the existing SP and click on Bind/Unbind IdP Connectors

    • Click on Add New Row and, in the SAML IdP Connectors drop-down, click on the previously created entry

    • Click on Update, then click on Ok

  • In the main tab, click on Access > Profiles/Policies > Access Profiles (Per-Session Policies)

    • Click on Edit on your VPN’s access policy row

    • A diagram appears. Delete the Logon Page and Advanced Resource Assign steps by clicking the x and then the Delete button

    • Click on the + between Start and Allow and in the Authentication tab, select SAML Auth and click on Add Item

    • In the AAA Server drop-down list, select the SAML SP you created previously and click on Save

    • Between SAML Auth and Allow, click on + and in the Assignment tab, add the Advanced Resource Assign item

    • Click on Add Entry then Add/Delete. In Network Access and Webtop tabs, respectively select your VPN’s Network Access and Webtop then click on Update

    • On the Big-Ip page header, click on Apply Access Policy

Trustelem Configuration

  • In the Entity ID field, put your Virtual Server public IP address