Forum Discussion

MC_273315's avatar
MC_273315
Icon for Cirrus rankCirrus
Jul 19, 2016

APM SP connections - Subject Types

Here is a general question on the functionality of the F5 APM module; we have been testing out SSO connections such as WebEx, ShareFile, (SP initiated). The original idea was to share or reuse the in...
BIG-IP Access Policy Manager (APM)
security
  • Michael_Koyfman's avatar
    Michael_Koyfman
    Jul 19, 2016

    If I understand you right, I think you might be under misconception about how SAML IDP configuration works on the BIG-IP. You can certainly have multiple IDP/SP bindings configured on the same virtual server. To fully visualize how it happens, I suggest you leverage this iApp to setup your initial federation with a couple of SaaS apps and take a look at the config it creates - should hopefully be self-explanatory after that. :) If not, fire away your questions here.

     

    https://devcentral.f5.com/codeshare/saas-federation-iapp

     

Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus

If I understand you right, I think you might be under misconception about how SAML IDP configuration works on the BIG-IP. You can certainly have multiple IDP/SP bindings configured on the same virtual server. To fully visualize how it happens, I suggest you leverage this iApp to setup your initial federation with a couple of SaaS apps and take a look at the config it creates - should hopefully be self-explanatory after that. :) If not, fire away your questions here.

 

https://devcentral.f5.com/codeshare/saas-federation-iapp

 

Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus
Jul 21, 2016

I hope things will be self-explanatory once you see the config produced by the iApp. The gist is that you do not have to assign the IDP service to Access Profile as the SSO, but rather as SAML Resource in the VPE, and you can have multiple IDP-to-SP mappings assigned there.