For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus
Jul 21, 2014

What exactly is your situation? Your SP has different instances and you need to service them by different IDP configs on your APM?

 

David_123856's avatar
David_123856
Icon for Nimbostratus rankNimbostratus
Jul 21, 2014
In point form caus its easier to type :): * The SP provides multiple instances - eg Test, Dev, QA, etc, * Each Instance at the SP has its own AssertionConsumerURL (eg. https://ACU/saml?Instance=QA * SP initiated SAML requests has the same SP Issuer inside the encoded token, but a different relaystate so I can tell from that url param which instance its for So I had set up 1 External SP config for each instance, and 1 idp Config for each instance, but as all the requests have the same SP Issuer the F5 matches the first idp service and then returns to that ones bound SP config. Have to use SO initiated due t links sent by the Service with no capacity to change the urls Unless I can bind multiple SPs to one idp and it can work out via the relay state which SP to use?