Avi Vantage as Service Provider for SAML authentication

Overview

Starting with the 18.2.2 release, Avi Vantage supports SAML 2.0 authentication for clients. Avi Vantage serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.

Note: Starting with Avi Vantage version 18.2.3, SAML authentication and WAF are supported.

Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.

Avi Vantage supports SP-initiated SSO with third party identity providers (IDP). As service provider, the Avi virtual service is responsible for ensuring secure access to the back-end applications load balanced by Avi Vantage.

As illustrated in the screen, the following is the workflow for SAML client authentication:

  • In the role of service provider, the Avi Vantage virtual service sends an authentication request to the IDP before allowing users to access the back-end applications.
  • Once the IDP successfully authenticates the user, it shares the authentication with Avi Vantage.
  • Avi Vantage validates the response received from IDP and provides the session cookie to the user.
  • The user then sends the request for the target resource with the same cookie.
  • Avi Vantage validates the cookie and allows access to the user.

The following table provides a comprehensive list of links to the documentation for SAML support on Avi Vantage:

Solution References
Introduction to SAML
Configuration References
SAML Authentication Policies
Configuring SAML Authorization Policies
SAML Configuration on Avi Vantage
Integration Guides
Avi Vantage Integration with Okta
Avi Vantage Integration with Ping Federate
Avi Vantage Integration with OneLogin
Avi Vantage Integration with Google
Avi Vantage Integration with Microsft ADFS
DataScript Functions
avi.http.saml_session_decrypt( )