NSX Advanced Load Balancer supports SAML 2.0 authentication for clients. It serves as a Service Provider (SP) to protect your load-balanced back-end HTTP/HTTPS applications.

Security Assertion Markup Language (SAML) is an XML-based framework used for authentication between a service provider (resource provider) and an identity provider (authentication proxy). SAML provides the single sign-on (SSO) capability.

NSX Advanced Load Balancer supports SP-initiated SSO with third-party identity providers (IdP). As a service provider, the NSX Advanced Load Balancer virtual service is responsible for ensuring secure access to the back-end applications load-balanced by NSX Advanced Load Balancer.



As illustrated, the workflow for SAML client authentication is as follows:

  • In the role of service provider, the NSX Advanced Load Balancer virtual service sends an authentication request to the IdP before allowing users to access the back-end applications.

  • Once the IdP successfully authenticates the user, it shares the authentication response with NSX Advanced Load Balancer.

  • NSX Advanced Load Balancer validates the response received from the IdP and provides the session cookie to the user.

  • The user then sends the request for the target resource with the same cookie.

  • NSX Advanced Load Balancer validates the cookie and allows access to the user.
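
The workflow above, sketched from the SP side as an added example; it is not NSX Advanced Load Balancer code and does not describe its internals. It goes beyond the page by naming standard SAML 2.0 checks (`InResponseTo`, `Audience`, the `Conditions` validity window). The entity ID, the HMAC cookie format and all function names are assumptions, and XML signature verification is assumed to be done separately by a vetted library.

```python
import hashlib, hmac, secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://vs.example.test/sp"  # hypothetical SP entity ID
COOKIE_KEY = secrets.token_bytes(32)         # assumed cookie scheme: HMAC-SHA256
pending = set()                              # AuthnRequest IDs awaiting a response
SAMPLE = ('<p:Response xmlns:p="{p}" xmlns:a="{a}" InResponseTo="{{rid}}"><a:Assertion>'
          '<a:Subject><a:NameID>alice@example.test</a:NameID></a:Subject>'
          '<a:Conditions NotBefore="{{nb}}" NotOnOrAfter="{{noa}}"><a:AudienceRestriction>'
          '<a:Audience>{{aud}}</a:Audience></a:AudienceRestriction></a:Conditions>'
          '</a:Assertion></p:Response>').format(**NS)  # constructed; caller fills rid/nb/noa/aud

def ts(value):  # UTC xs:dateTime (2024-01-01T00:00:00Z) -> epoch seconds
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()

def new_request_id():  # Step 1: remember the ID of the AuthnRequest sent to the IdP
    rid = "_" + secrets.token_hex(16)
    pending.add(rid)
    return rid

def validate_response(xml_text, now):
    """Step 3: return the subject or raise ValueError; signature assumed already verified."""
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    rid = root.get("InResponseTo")
    if rid not in pending:
        raise ValueError("unsolicited or replayed response")
    pending.discard(rid)  # each request ID is accepted once
    cond = root.find("a:Assertion/a:Conditions", NS)
    aud = root.find("a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience", NS)
    name = root.find("a:Assertion/a:Subject/a:NameID", NS)
    if cond is None or aud is None or name is None or aud.text != SP_ENTITY_ID:
        raise ValueError("assertion not issued for this SP")
    if not ts(cond.get("NotBefore", "")) <= now < ts(cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion outside its validity window")
    return name.text

def issue_cookie(subject, now, ttl=900):
    """Step 3 (continued): session cookie binding subject and expiry under an HMAC."""
    body = f"{subject}|{int(now) + ttl}"
    return body + "|" + hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()

def validate_cookie(cookie, now):
    """Step 5: return the subject if the cookie is authentic and unexpired, else None."""
    body, _, mac = cookie.rpartition("|")
    good = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), good.encode())
    subject, _, expiry = body.rpartition("|")
    return subject if ok and expiry.isdigit() and now < int(expiry) else None
```
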