Forum Discussion

hpr_220139

Nimbostratus

Feb 14, 2018

APM/LTM 12.1: SAML IdP and SP possible in one VE?

Hi, Is it possible to run an SAML IdP and one (or better: more) SPs on one VE? I found a sentence in the doc: In a federation of BIG-IP-Systems, one BIG-IP System acts as a SAML Identity Provider and...

application delivery

BIG-IP Access Policy Manager (APM)

LTM

Daniel_Varela

Employee

Feb 14, 2018

It is possible, I have done that many times in my lab. You need to be careful and configure you vs with different dns names to avoid get the browser to send the apm cookie it has for the Idp session when it access the Sp (the sp will be confused to see apm cookies for a session that is not started)

Keep in mind that you are doubling up the number of sessions in this deployment, one for the Idp and one for the Sp.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM/LTM 12.1: SAML IdP and SP possible in one VE?

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Simplifying Local Traffic Policies In BIG-IP 12.1

TCL Error possibly causing TCP Resets?

ASM 12.1 : Top 10 des nouvelles fonctionnalités

Is it possible to properly log protobuf?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS