APM - Access Profile Automation

Question

Here's the scenario:&nbsp;
Using APM as an IdP as part of a SP-initiated SAML SSOOccasionally, in the lower environments the SP's Entity ID and Assertion Consumer Service URL (as configured in External SP Connector Settings) will change.
I'd like to implement a process where F5 administrators won't need to manually modify the Entity ID and Assertion Consumer Service URL every time these change.  However, I'm not able to find any classes in iControl to modify APM Access Profiles.  I'd be open to creative solutions on this, perhaps via iRules?&nbsp;

kevin_stewart · Answer

How about a REST iControl call?
curl -k -u admin:admin -H "Content-Type: application/json" -X PUT -d '{"name":"testsp.domain.com","entityId":"https://testsp.domain.com","assertionConsumerUri":"https://testsp.domain.com/saml/sp/profile/post/acs"}' https://x.x.x.x/mgmt/tm/apm/sso/saml-sp-connector/testsp.domain.com

where (in this example), "testsp.domain.com" is the name of the IdP's SP connector object. Depending on the SAML SP peer, you may also want to change singleLogoutResponseUri and singleLogoutUri. You can use the following to list the attributes of the SP connector:
curl -k -u admin:admin -X GET https://x.x.x.x/mgmt/tm/apm/sso/saml-sp-connector/testsp.domain.com

Forum Discussion

APM - Access Profile Automation

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Automating Certificate Management on F5 BIG-IP

Automating F5 Licensing - without direct internet access

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

F5 iApp Automated Backup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS