Avi Vantage as Service Provider for SAML authentication
Starting with the 18.2.2 release, Avi Vantage supports SAML 2.0 authentication for clients. Avi Vantage serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.
Note: Starting with Avi Vantage version 18.2.3, SAML authentication and WAF are supported.
Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.
Avi Vantage supports SP-initiated SSO with third party identity providers (IDP). As service provider, the Avi virtual service is responsible for ensuring secure access to the back-end applications load balanced by Avi Vantage.
As illustrated in the screen, the following is the workflow for SAML client authentication:
- In the role of service provider, the Avi Vantage virtual service sends an authentication request to the IDP before allowing users to access the back-end applications.
- Once the IDP successfully authenticates the user, it shares the authentication with Avi Vantage.
- Avi Vantage validates the response received from IDP and provides the session cookie to the user.
- The user then sends the request for the target resource with the same cookie.
- Avi Vantage validates the cookie and allows access to the user.
The following table provides a comprehensive list of links to the documentation for SAML support on Avi Vantage:
|Introduction||Introduction to SAML|
|Configuration Guides||SAML Configuration on Avi Vantage|
|SAML Authentication Policies|
|Configuring SAML Authorization Policies|
|Integration Guides||Avi Vantage Integration with Okta|
|Avi Vantage Integration with PingFederate|
|Avi Vantage Integration with OneLogin|
|Avi Vantage Integration with Google|
|Avi Vantage Integration with Microsft ADFS|
|DataScript Functions||avi.http.saml_session_decrypt( )|