Forum Discussion

spalande
Jul 07, 2015

ADFS authentication -APM

For our ADFS infrastructure, F5 is acting as an ADFS proxy. The ADFS F5 VIP has an APM policy with two-factor authentication, so all cloud applications need multifactor authentication. Now we have a requirement to remove one factor for only one cloud application; for the other applications it should remain multifactor. We can identify that application with a Referer header.

How can this be achieved? The F5 version is 11.3.0.


3 Replies

  • Michael_J_17169
    Historic F5 Account

    You have a couple of options. You can write an iRule that looks at the URI / FQDN and sets a session variable that you can then use within the APM VPE to determine the path, or you can use the Landing URI agent built into APM.

    Also, I highly recommend you upgrade to a maintenance release for stability and support. 11.3 is getting very close to end of technical support. https://support.f5.com/kb/en-us/solutions/public/5000/900/sol5903.html


  • Technically speaking, that's no more complicated than using an HTTP URI or Host header. The client would conceivably be coming to your auth solution with the Referer header:

    GET / HTTP/1.1
    Host: auth.domain.com
    Referer: https://othersite.example.com/
    ...

    You'd just need to look for this in the first HTTP request to APM. That said, most browsers will not send a Referer header in an HTTPS request, so you might need to find another way to define where this request is coming from. Maybe an initial specific URI?

  • Maybe it'll be worthwhile to take a step back and look at the overall application flow. So far I think we've assumed that traffic would be coming from the cloud app to the F5 for authentication. Is that correct, and can you elaborate on the traffic flow?


    Ultimately though, if multiple applications are feeding from a single APM VIP for authentication, you would need a way to differentiate them. As I mentioned earlier, most browsers will not send a Referer header in an HTTP request, so that's not likely an option. My point about a specific URI was having each cloud application address the APM VIP differently. So for example, in your cloud app's configuration, you'd tell it to go to something like https://www.apmvip.com/cloudapp1, where "/cloudapp1" would tell APM which app this request is for.
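    As an added illustration of the two suggestions above (not code from the thread), here is an iRule that classifies the request by the per-application landing path and stores the result in a custom APM session variable for a VPE branch rule to test. The paths /cloudapp1 and /cloudapp2 and the variable name session.custom.app are assumptions; it keys on the path rather than the Referer because that header is client-controlled and often absent, and anything unrecognised is left as "unknown" so the policy's default branch stays two-factor. The built-in Landing URI agent (session.server.landinguri) covers the same need without an iRule.

```tcl
# Added example, not from the original thread.
# Assumed landing paths: /cloudapp1 and /cloudapp2 (placeholders).
# Assumed session variable: session.custom.app, tested in the VPE with
#   expr { [mcget {session.custom.app}] eq "cloudapp1" }
when HTTP_REQUEST {
    # The APM session does not exist yet in HTTP_REQUEST, so record the
    # classification in a connection-local variable and copy it into the
    # session once APM creates it. Any unmatched path stays "unknown".
    set app "unknown"
    switch -glob -- [string tolower [HTTP::path]] {
        "/cloudapp1*" { set app "cloudapp1" }
        "/cloudapp2*" { set app "cloudapp2" }
    }
}

when ACCESS_SESSION_STARTED {
    # Publish the value to the access policy; unknown keeps the MFA branch.
    if { [info exists app] } {
        ACCESS::session data set session.custom.app $app
    } else {
        ACCESS::session data set session.custom.app "unknown"
    }
}
```

    In the VPE, branch on session.custom.app equal to "cloudapp1" to skip the second factor for that application only, and leave the fallback branch on the full two-factor flow.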