Forum Discussion
Federation SP SAML with connector automation, Azure as Idp
Hello,
I'm trying to set up connector automation for a customer where the BigIP is the SAML SP provider, and Azure as IdP.
All is fine, everything is created and authentication is working.
However after every "Frequency", the checksum is different and External IdP Connector is being recreated. And therefore the Access Policy needs to be applied.
When the Azure App Federation Metadata file is downloaded by a browser, the file is never the same.
The "EntityDescriptor ID" changes with every download. And therefore also the checksum.
So is the IdP Connector automation an option when Azure is IdP?
Am I doing something wrong?
I've tested with 15.1 and 16.1, but no different behaviour
Thanks in advance
- Matt_Dierick (Employee)
Hi Ed,
You're right, the ID changes from AAD. If you want to automate, I would say to use the Guided Config (I think you can automate it since version v16), so that you don't have to look after the rotations. For every new app, create a new Guided Config setup.
I don't see any other option.
- Ed_Martens (Cirrus)
Hi Matthieu,
Thanks for the response.
We have tested the Guided Config.
However we don't "own" the AAD. We are only the SP.
IdP is a third-party Azure AD. Or am I using the GC wrong?
Thanks
- Leslie_Hubertus (Ret. Employee)
Hi Ed_Martens, I've forwarded your question to some colleagues for their assistance, but hopefully someone from the community can reply in the meantime!
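The checksum behaviour described in the first post can be checked outside the BIG-IP. The sketch below is an added example, not part of the thread and not F5 or Microsoft code. It compares a whole-file hash with a fingerprint over only the trust-relevant IdP fields (entityID, certificates, endpoints). The sample metadata, host names and function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def raw_checksum(metadata_xml):
    """Whole-file hash: changes whenever the EntityDescriptor ID changes."""
    return hashlib.sha256(metadata_xml.encode("utf-8")).hexdigest()

def stable_fingerprint(metadata_xml):
    """Hash only entityID, certificates and endpoints; the ID is never read."""
    if "<!DOCTYPE" in metadata_xml:  # refuse DTDs and entity declarations
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not IdP metadata")
    parts = ["entityID=" + root.get("entityID", "")]
    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "any")
        for cert in kd.findall(".//ds:X509Certificate", NS):
            # Strip whitespace so base64 line wrapping does not matter.
            parts.append("cert:%s=%s" % (use, "".join((cert.text or "").split())))
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for ep in idp.findall("md:" + tag, NS):
            parts.append("%s:%s=%s" % (tag, ep.get("Binding"), ep.get("Location")))
    return hashlib.sha256("\n".join(sorted(parts)).encode("utf-8")).hexdigest()

# Constructed sample: same IdP settings, only the ID (and optionally cert) vary.
def sample_metadata(doc_id, cert="TUlJQ2NvbnN0cnVjdGVk"):
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        f'ID="{doc_id}" entityID="https://sts.example.test/tenant-placeholder/">'
        '<IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">'
        '<KeyDescriptor use="signing">'
        '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>'
        f'<X509Certificate>{cert}</X509Certificate>'
        '</X509Data></KeyInfo></KeyDescriptor>'
        '<SingleSignOnService Location="https://login.example.test/saml2" '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>'
        '</IDPSSODescriptor></EntityDescriptor>')

if __name__ == "__main__":
    a, b = sample_metadata("_1111-aaaa"), sample_metadata("_2222-bbbb")
    print("raw equal:   ", raw_checksum(a) == raw_checksum(b))
    print("stable equal:", stable_fingerprint(a) == stable_fingerprint(b))
```

A change in the stable fingerprint means the signing certificate, an endpoint or the entityID changed, which is what needs review before a connector is re-trusted.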