Forum Discussion
Do I have F5 APM SAML with Office 365 actually running?
Hello Niels:
Thank you very much for your kind answer.
I understand the process, but how could I tell www.office.com to redirect the browser to the IdP (APM)? Currently, the users are being redirected to the ADFS server, but I would like them to go to the APM every time they try to access www.office.com directly. In other words, I want to get rid of such ADFS and I need the users to use the APM site. I followed the guide located here https://www.f5.com/pdf/deployment-guides/microsoft-office-365-idp-dg.pdf and issued the commands on page 12. Did I miss something? Do I need to make changes in the Office 365 tenant to tell it that the new IdP is the APM and it needs to redirect the users to such IdP? I see SAML is working fine when the assertions sent by APM are successfully accepted by the SP (Office 365).
Again, so many thanks.
Hi Jorge,
Yes, the command on page 13:
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $FedBrandName -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $certData -IssuerUri $uri -ActiveLogOnUri $ecpUrl -LogOffUri $logouturl -PreferredAuthenticationProtocol SAMLP
should point to the F5 APM IDP virtual server. If this is set correctly, the SP (office.com) should redirect the user to the APM IDP when the user needs to authenticate first.
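One way to check what the reply describes, as an added example that is not part of the original thread or the F5 guide: read the domain's federation settings back and see which host each URI actually points at. The function name `Test-FederationTarget` and all host names and paths are assumptions constructed for illustration; against a live tenant, pass it the output of `Get-MsolDomainFederationSettings` instead of the sample object.

```powershell
# Added example. Flags federation URIs that do not point at the expected IdP host.
function Test-FederationTarget {
    param(
        [Parameter(Mandatory)] $Settings,               # object from Get-MsolDomainFederationSettings
        [Parameter(Mandatory)] [string] $ExpectedHost   # FQDN of the APM IdP virtual server
    )
    foreach ($name in 'PassiveLogOnUri', 'ActiveLogOnUri', 'LogOffUri') {
        $value = [string]$Settings.$name
        $uri = $null
        if ([string]::IsNullOrWhiteSpace($value)) {
            $status = 'NotSet'
        } elseif (-not [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)) {
            $status = 'Invalid'
        } elseif ($uri.Scheme -ne 'https') {
            $status = 'NotHttps'
        } elseif ($uri.Host -ne $ExpectedHost) {
            $status = 'WrongHost'      # e.g. still pointing at the old ADFS server
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Setting = $name; Value = $value; Status = $status }
    }
    # The command in the thread selects SAMLP; anything else means it was not applied.
    $proto = [string]$Settings.PreferredAuthenticationProtocol
    $protoStatus = if ($proto -eq 'SAMLP') { 'OK' } else { 'NotSamlp' }
    [pscustomobject]@{ Setting = 'PreferredAuthenticationProtocol'; Value = $proto; Status = $protoStatus }
}

# Constructed sample: a domain whose passive logon URI was never moved off ADFS.
$sample = [pscustomobject]@{
    PassiveLogOnUri                 = 'https://adfs.example.com/adfs/ls/'
    ActiveLogOnUri                  = 'https://apm-idp.example.com/ecp'
    LogOffUri                       = 'https://apm-idp.example.com/slo'
    PreferredAuthenticationProtocol = 'WsFed'
}
Test-FederationTarget -Settings $sample -ExpectedHost 'apm-idp.example.com' |
    Format-Table -AutoSize

# Live tenant (requires the MSOnline module and Connect-MsolService):
#   $live = Get-MsolDomainFederationSettings -DomainName $dom
#   Test-FederationTarget -Settings $live -ExpectedHost 'apm-idp.example.com'
```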