Forum Discussion

Ed_Martens's avatar
Mar 24, 2023

Federation SP SAML with connector automation, Azure as Idp

Hello,

I'm tring to setup connector automation for a customer where the BigIP is the SAML SP provider, and Azure as Idp.

all is fine, everything is created and authentication is working.

However after every "Frequency", the checksum is different and External IdP Connector is being recreated. And therefore the Access Policy needs to be applied.

When the Azure, App Federation Metadata file, is download by a browser, the file is never the same.

The "EntityDescriptor ID" changes with every download. And therefore also the checksum.

So is the IdP Connector automation an option when Azure is IdP?
Am I doing something wrong?

I've tested with 15.1 and 16.1, but no different behaviour

Thanks in advance

  • Hi Ed_Martens I've forwarded your question to some colleagues for their assistance, but hopefully someone from the community can reply in the mean time!

  • Hi Ed,

    You right, ID change from AAD. If you want to automate, I would say to use the Guided Config (I think you can automate it since version v16), so that you don't have to look after the rotations. For every new app, create a new Guide Config setup.

    I don't see any other option.

    • Ed_Martens's avatar
      Ed_Martens
      Icon for Cirrus rankCirrus

      Hi Matthieu,

       

      Thanks for the response.

      We have tested the Guided Config.

      However we don't "own" the AAD. We are only the SP.
      IdP is a thirth party Azure AD.

      Or am I using the GC wrong?

       

      Thanks