NSX Advanced Load Balancer supports SAML 2.0 authentication for clients. It serves as a Service Provider (SP) to protect your load-balanced, back-end HTTP/HTTPS applications.
NSX Advanced Load Balancer supports SP-initiated SSO with third-party identity providers (IdP). As a service provider, the NSX Advanced Load Balancer virtual service is responsible for ensuring secure access to the back-end applications load-balanced by NSX Advanced Load Balancer.
As illustrated, the workflow for SAML client authentication is as follows:
The user attempts to access a protected resource on NSX Advanced Load Balancer that requires authentication.
The NSX Advanced Load Balancer virtual service, acting as the service provider, sends a SAML authentication request before allowing the user to access the back-end applications.
The request is redirected to the IdP's SSO Service.
The IdP's SSO service handles the authentication: it verifies the credentials supplied by the user, generates a SAML response containing an assertion about the user and the authentication event, and returns it to the user's browser in an XHTML form.
The browser posts the assertion to the Assertion Consumer Service (ACS) on NSX Advanced Load Balancer.
NSX Advanced Load Balancer validates the response received from IdP and provides the session cookie to the user.
The user then sends the request for the target resource with the same cookie.
NSX Advanced Load Balancer validates the cookie and allows access to the user.
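The validation in the ACS step is where the SP's security rests. The following added example (not NSX Advanced Load Balancer's own code) shows the checks an SP applies to a posted SAML Response before issuing a session cookie: status, Destination, InResponseTo against the AuthnRequest IDs it issued, issuer, validity window, audience and subject confirmation, with the request ID consumed once so the same response cannot be replayed. It assumes the XML signature has already been verified with an xmlsec-based library, and the IdP, SP and ACS URLs in the sample response are constructed.

```python
from datetime import datetime, timezone, timedelta
import xml.etree.ElementTree as ET  # assumed: XML signature already verified by an xmlsec-based library
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse_time(s):  # SAML timestamps are UTC ISO 8601, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, *, idp_issuer, acs_url, sp_entity_id, outstanding_ids, now, skew=timedelta(minutes=3)):
    """SP-side checks on a SAML Response posted to the ACS. Returns the NameID or raises ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    if root.get("Destination") != acs_url:  # response was built for a different ACS endpoint
        raise ValueError("Destination mismatch")
    req_id = root.get("InResponseTo")  # must match an AuthnRequest this SP issued in step 2
    if req_id not in outstanding_ids:
        raise ValueError("unsolicited or replayed response")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_issuer:
        raise ValueError("assertion not issued by the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if now < parse_time(cond.get("NotBefore")) - skew or now >= parse_time(cond.get("NotOnOrAfter")) + skew:
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion was issued for a different SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != req_id
            or now >= parse_time(scd.get("NotOnOrAfter")) + skew):
        raise ValueError("subject confirmation failed")
    outstanding_ids.discard(req_id)  # each request ID is consumed once, so the same response cannot be replayed
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample response (hypothetical IdP, SP entity ID and ACS URL), as the browser would post it in step 5
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_r1" InResponseTo="_req42" Destination="https://app.example.test/saml/acs">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://app.example.test/saml/acs" InResponseTo="_req42" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://app.example.test/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions></saml:Assertion></samlp:Response>"""
```

Only after every check passes does the SP mint the session cookie of step 6; a response that fails any one of them is discarded and the user is sent back through the IdP.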