Avi Vantage as Service Provider for SAML authentication

Starting with the 18.2.2 release, Avi Vantage supports SAML 2.0 authentication for clients. Avi Vantage serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.

Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.

Avi Vantage supports SP-initiated SSO with third-party identity providers (IDP). As the service provider, the Avi virtual service is responsible for ensuring secure access to the back-end applications load balanced by Avi Vantage.

As illustrated in the figure, the following is the workflow for SAML client authentication:

  • In the role of service provider, the Avi virtual service sends an authentication request to the IDP before allowing users to access the back-end applications.
  • Once the IDP successfully authenticates the user, it shares the authentication with Avi Vantage.
  • Avi validates the response received from the IDP and provides the session cookie to the user.
  • The user then sends the request for the target resource with the same cookie.
  • Avi validates the cookie and allows access to the user.
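
The five steps above, modeled as an added example (not code from Avi Vantage or from any IDP). It shows the checks a service provider typically makes before issuing and honoring a session cookie. Assumptions: JSON with an HMAC stands in for the signed SAML XML, and every name, key and URL is hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed values for illustration; none come from Avi Vantage or a real IDP.
SP_ENTITY_ID = "https://app.example.test/sso"
IDP_KEY = b"constructed-idp-key"       # HMAC stand-in for the IDP's XML signature key
COOKIE_KEY = secrets.token_bytes(32)   # known only to the service provider
pending = {}                           # request ID -> time the request was issued

def _seal(key, payload):
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def _open(key, token):
    body, _, mac = token.rpartition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, good):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

def sp_authn_request():
    """Step 1: the SP creates a request ID and remembers it."""
    rid = "_" + secrets.token_hex(16)
    pending[rid] = time.time()
    return rid

def idp_respond(rid, user, audience=SP_ENTITY_ID, ttl=300):
    """Step 2: the IDP authenticates the user and returns a signed assertion."""
    return _seal(IDP_KEY, {"sub": user, "in_response_to": rid,
                           "aud": audience, "not_after": time.time() + ttl})

def sp_consume(response):
    """Step 3: the SP validates the response, then issues the session cookie."""
    a = _open(IDP_KEY, response)
    if pending.pop(a["in_response_to"], None) is None:
        raise ValueError("unsolicited or replayed response")
    if a["aud"] != SP_ENTITY_ID:
        raise ValueError("wrong audience")
    if time.time() >= a["not_after"]:
        raise ValueError("assertion expired")
    return _seal(COOKIE_KEY, {"sub": a["sub"], "exp": time.time() + 900})

def sp_check_cookie(cookie):
    """Steps 4-5: the SP validates the cookie on each request for the resource."""
    s = _open(COOKIE_KEY, cookie)
    if time.time() >= s["exp"]:
        raise ValueError("session expired")
    return s["sub"]
```

Because the request ID is removed from `pending` on first use, a captured response cannot be presented a second time to obtain another session.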

The following table provides a comprehensive list of links to the documentation for SAML support on Avi Vantage:

| Solution | References |
|---|---|
| Introduction | Introduction to SAML |

| Configuration | References |
|---|---|
| Configuration Guide | SAML Configuration on Avi Vantage |
| Integration Guides | Avi Vantage Integration with Okta |
| | Avi Vantage Integration with PingFederate |
| | Avi Vantage Integration with OneLogin |
| | Avi Vantage Integration with Google |