SAML configuration with F5 IDP


I’m trying to use SAML authentication on Pritunl, but I can’t manage it. 2 weeks trying … I do a lot of IDPs on my F5, maybe 20 products using it.

I created a special IDP for this configuration, working perfectly with htps://sptes (a SAML IDP/SP test tool).

All the tutorials I found are based on cloud providers, Okta etc.

I will put the metadata of my IDP here; can you tell me what to put in the Pritunl configuration? For now, when I try to log in with SAML, I am correctly redirected to my IDP, AUTH OK, but then there is no redirection back to Pritunl.

SAML IDP Metadata


I can’t upload the XML files, and as a new user “can’t upload more than 2 links in a post …”

On the SP description, I put htps:// pritunlFQDN

On the Pritunl conf :slight_smile:


When I try with the POST/redirect SSO URL in SAML Sign-on URL, I get a SAML error 8001.

Documentation isn’t available for other SAML providers. It’s important to use a SAML provider with an API because this allows checks to occur at each VPN connection and, in the newer releases, every hour during a VPN connection to verify the state of the user. This would prevent and disconnect a user from Pritunl who has been removed or disabled in the single sign-on provider. All single sign-on providers supported by Pritunl have API integration. The generic SAML and Radius configurations do not have this functionality.

Using other SAML providers should only be done with single sign-on connection authentication, which will provide some checks. But if this is used with the authentication cache, the user check would only occur when the authentication cache expires.

Hello Zach,

Yes, I want to use single sign-on connection auth.

Can you help me? :slight_smile: Maybe by writing documentation on using F5 as a SAML IDP?

I think if I send you my idp.xml and my external SP configuration for Pritunl, you will find the issue quickly :slight_smile:

Tell me, Zach, and I’ll send this by mail?

Best regards,