Avi Vantage as Service Provider for SAML authentication

Overview

Starting with the 18.2.2 release, Avi Vantage supports SAML 2.0 authentication for clients. Avi Vantage serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.

Note: Starting with Avi Vantage version 18.2.3, SAML authentication and WAF are supported.

Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.

Avi Vantage supports SP-initiated SSO with third party identity providers (IDP). As service provider, the Avi virtual service is responsible for ensuring secure access to the back-end applications load balanced by Avi Vantage.

As illustrated in the screen, the following is the workflow for SAML client authentication:

• In the role of service provider, the Avi Vantage virtual service sends an authentication request to the IDP before allowing users to access the back-end applications.
• Once the IDP successfully authenticates the user, it shares the authentication with Avi Vantage.
• Avi Vantage validates the response received from IDP and provides the session cookie to the user.
• The user then sends the request for the target resource with the same cookie.
• Avi Vantage validates the cookie and allows access to the user.

The following table provides a comprehensive list of links to the documentation for SAML support on Avi Vantage: