SAML IdP is redirecting to the incorrect hostname
This article explains why users end up on the wrong hostname after SAML authentication through the LoadMaster and how to configure the SP Entity ID so that the IdP returns them to the FQDN they originally browsed to.
We have an internal service (browser application). That service uses (public) MS AzureAD SAML for authentication. The Service Provider Identity is the internal FQDN of this service.
We want to implement a virtual service on the LoadMaster that enables public users to access this internal service, including the existing SAML authentication. If possible, we want the KEMP to authenticate via SAML before the request is forwarded to the real server, where it is authenticated again.
We configured a public DNS name for the internal service and pointed that to a public IP which is then NATed to the IP of our LoadMaster.
Do you have any hints for such a scenario? Can we somehow work around this?
|Steps to Reproduce:||Publish the internal service through a LoadMaster virtual service under a public FQDN with SAML SSO enabled, leaving the SP Entity ID set to the internal FQDN. Browse to the public FQDN and complete authentication at the IdP: the IdP returns the user to the internal FQDN instead of the public one.|
|Cause:||The LoadMaster builds the SAML AuthnRequest from the SP Entity ID field of the SSO configuration. When that field does not match the hostname in the client's request (for example, it still holds the internal FQDN while the client browsed to the public FQDN), the IdP completes the flow against the configured value and sends the user to the internal FQDN.|
|Resolution:||Navigate to Virtual Services > Manage SSO > modify the desired SSO > enter the FQDN the client is browsing to in the SP Entity ID field > click Set SP Entity ID. Use the format https://<PublicFQDN>/ or http://<PublicFQDN>/, matching the scheme the client uses to reach the virtual service. After authentication the user is redirected to the value of the SP Entity ID field, so it must be the public FQDN. The IdP must also know this value: on the Azure AD side the same Entity ID has to be registered as the application's Identifier and the public assertion consumer URL as a Reply URL, otherwise Azure AD rejects the request.|
|Workaround:||Have the user browse to the internal FQDN.|
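To see the mismatch described above on the wire rather than in the UI, the following added example (not LoadMaster or Kemp code) decodes a SAMLRequest as sent over the HTTP-Redirect binding and checks whether the SP's Issuer (the Entity ID) and AssertionConsumerServiceURL point at the host the browser actually used. Everything in it is constructed: the hostnames app.corp.internal and app.example.com, the /saml/acs path and the request IDs are placeholders, and the assumption that the AuthnRequest leaves via the HTTP-Redirect binding (raw DEFLATE, base64, URL-encoded) is stated in the code.

```python
"""Decode a SAML AuthnRequest from the HTTP-Redirect binding and check that its
Issuer (SP Entity ID) and AssertionConsumerServiceURL match the host the user
browsed to. All hostnames, paths and IDs below are constructed placeholders."""
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET
from typing import Optional

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(entity_id: str, acs_url: str) -> str:
    """Minimal SP-initiated AuthnRequest; ID and IssueInstant are dummy values."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f"<saml:Issuer>{entity_id}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def encode_redirect_request(xml_text: str) -> str:
    """HTTP-Redirect binding encoding (assumed): raw DEFLATE without zlib
    header, then base64, then URL-encoding for the SAMLRequest query value."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate stream
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(data).decode("ascii"), safe="")


def decode_redirect_request(saml_request_param: str) -> str:
    """Reverse of encode_redirect_request; paste a SAMLRequest= value in here."""
    raw = base64.b64decode(urllib.parse.unquote(saml_request_param))
    return zlib.decompress(raw, -15).decode("utf-8")


def _host(url: Optional[str]) -> Optional[str]:
    """Hostname part of a URL, lower-cased; None if the URL is missing."""
    if not url:
        return None
    host = urllib.parse.urlparse(url).hostname
    return host.lower() if host else None


def check_authn_request(saml_request_param: str, browsed_host: str) -> dict:
    """Compare the Issuer and ACS host in the request with the Host header
    the browser used. Both must match, or the IdP will finish the flow against
    the configured (wrong) hostname."""
    root = ET.fromstring(decode_redirect_request(saml_request_param))
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    acs = root.get("AssertionConsumerServiceURL")
    browsed = browsed_host.lower()
    issuer_ok = _host(issuer) == browsed
    acs_ok = _host(acs) == browsed
    return {
        "issuer": issuer,
        "acs": acs,
        "issuer_ok": issuer_ok,
        "acs_ok": acs_ok,
        "ok": issuer_ok and acs_ok,
    }


if __name__ == "__main__":
    # Misconfigured: SP Entity ID still the internal FQDN, user came in on the public one.
    internal = build_authn_request(
        "https://app.corp.internal/", "https://app.corp.internal/saml/acs")
    print(check_authn_request(encode_redirect_request(internal), "app.example.com"))
    # Corrected: SP Entity ID set to https://<PublicFQDN>/ as the article describes.
    public = build_authn_request(
        "https://app.example.com/", "https://app.example.com/saml/acs")
    print(check_authn_request(encode_redirect_request(public), "app.example.com"))
```

To use it against a live LoadMaster, capture the redirect to the IdP in the browser's network tab, copy the SAMLRequest query value, and pass it to check_authn_request together with the hostname from the address bar; an Issuer or ACS pointing at the internal FQDN is the signature of the Entity ID problem this article covers.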