Forum Discussion

Altostratus

Aug 02, 2015

Is there a way in iRules to modify which IDP profile the APM selects?

Is there any way to modify how the APM matches an SP to an IDP configuration? I know normally it looks at the Issuer ID that the SP sends and uses that to match an SP configuration, which is in turn ...

application delivery

BIG-IP Access Policy Manager (APM)

Cumulonimbus

Aug 07, 2015

Hi,

You can configure multiple dns records on the virtual server IP and use the following irule:

when ACCESS_ACL_ALLOWED {
    switch -glob [string tolower [HTTP::host]] {
        "www.college.com" { set samlProfile "/Common/saml-idp-www" }
        "email.college.com" { set samlProfile "/Common/saml-idp-email" }
        default {set samlProfile "/Common/saml-idp-www"}
    }
    WEBSSO::select $samlProfile
    unset samlProfile
}

On the virtual server, configure a SAN certificate or use SNI to define multiple certificates on the same VS.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)