Avi Vantage as Service Provider for SAML authentication
Starting with the 18.2.2 release, Avi Vantage supports SAML 2.0 authentication for clients. Avi Vantage serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.
Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.
Avi Vantage supports SP-initiated SSO with third-party identity providers (IDP). As the service provider, the Avi virtual service is responsible for ensuring secure access to the back-end applications load balanced by Avi Vantage.
As illustrated in the figure, the following is the workflow for SAML client authentication:
- In the role of service provider, the Avi virtual service sends an authentication request to the IDP before allowing users to access the back-end applications.
- Once the IDP successfully authenticates the user, it returns the authentication result to Avi Vantage.
- Avi validates the response received from the IDP and provides the session cookie to the user.
- The user then sends the request for the target resource with the same cookie.
- Avi validates the cookie and allows access to the user.
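The service-provider checks in this workflow, sketched as an added example (not Avi Vantage code or its cookie format). The entity IDs, dictionary field names and cookie layout are assumptions, and the response is assumed to have been parsed and signature-verified by a SAML library already.

```python
import hashlib, hmac, secrets, time

SP_ENTITY_ID = "https://app.example.com/sp"     # hypothetical SP entity ID
IDP_ENTITY_ID = "https://idp.example.com/saml"  # hypothetical IDP entity ID
COOKIE_KEY = secrets.token_bytes(32)            # secret used only to sign session cookies
pending_requests = set()                        # AuthnRequest IDs still awaiting a response

def start_login():
    """Record the AuthnRequest ID so the IDP response can be matched to it."""
    request_id = "_" + secrets.token_hex(16)
    pending_requests.add(request_id)
    return request_id

def validate_response(resp, now=None):
    """Check a parsed, signature-verified response; return the subject or None."""
    now = time.time() if now is None else now
    if resp.get("in_response_to") not in pending_requests:
        return None  # unsolicited or replayed response
    if resp.get("issuer") != IDP_ENTITY_ID or resp.get("audience") != SP_ENTITY_ID:
        return None  # wrong IDP, or assertion issued for a different SP
    if now >= resp.get("not_on_or_after", 0):
        return None  # assertion has expired
    pending_requests.discard(resp["in_response_to"])  # each request ID is single-use
    return resp.get("subject")

def _tag(payload):
    return hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, ttl=3600, now=None):
    """Issue a session cookie of the form user|expiry|hmac."""
    now = time.time() if now is None else now
    payload = f"{user}|{int(now + ttl)}"
    return f"{payload}|{_tag(payload)}"

def validate_cookie(cookie, now=None):
    """Return the user if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    payload, _, tag = cookie.rpartition("|")
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None  # tampered or forged cookie
    user, _, expiry = payload.rpartition("|")
    return user if expiry.isdigit() and now < int(expiry) else None

if __name__ == "__main__":
    rid = start_login()
    resp = {"in_response_to": rid, "issuer": IDP_ENTITY_ID, "audience": SP_ENTITY_ID,
            "not_on_or_after": time.time() + 300, "subject": "alice@example.com"}  # constructed
    user = validate_response(resp)
    print(user, validate_cookie(issue_cookie(user)), validate_response(resp))
```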
The following table provides a comprehensive list of links to the documentation for SAML support on Avi Vantage:
| Document type | Document |
|---|---|
| Introduction | Introduction to SAML |
| Configuration Guide | SAML Configuration on Avi Vantage |
| Integration Guides | Avi Vantage Integration with Okta |
| | Avi Vantage Integration with PingFederate |
| | Avi Vantage Integration with OneLogin |
| | Avi Vantage Integration with Google |