Forum Discussion
Old-Greg-MD
Nimbostratus
NimbostratusIdP Inititated Request results in AuthN response
I have APM setup as an SP, bound to an external IdP. The flow is the user logs into the IdP and clicks on the link to my SP FQDN to serve as an IdP inititated SAML auth. Access Policy is simple, just...
Old-Greg-MDNimbostratus
NimbostratusTo add to that. The IdP is sending the AudienceRestriction attribute in the SAML POST. From what I have read, when this is sent, the F5 EntityID , the ACS, and this Attribute all need to match. I do not think the F5 SAML SP ACS can be modfied which means we need to use the exact URI that ends in /ACS on the F5 APM consumer service. That said, when you try to add multiple IdP bindings to your SP, it asks you for a specific Landing URI. If they all have to match the AudienceRestriction there is no way to differentiate, hense negating the ability to do many to one Idp to SP. Is that accurate? Any suggestions or known best practices here?
