Forum Discussion
SAML IdP - Can you have one APM support multiple SAML IdPs?
- Oct 17, 2013
Yes, you can have multiple IdPs set up for one virtual server. We have 3 right now. In the access policy, after authentication, I have one webtop and the 3 SAML resources. Works just fine SP initiated.
I am trying to do this and also be able to assign the SAML resource depending on what AD security group they are in. For instance I have three IdPs (webex, box, salesforce) and they all use the same VIP and all three resources on the same webtop as described above.
I am trying to figure out how I would determine the incoming IdP Entity ID perhaps, to then check if they are in the correct AD security group and then assign the correct SAML resource.
We are trying to do the same, have multiple Service Providers use F5 as IdP, but have each SP app have its own AD group associated with it and only allow users to access apps they are AD group members of. We use SP initiated authentication. Is this possible?
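As an added example (not part of the thread, and not F5 APM configuration): in SP-initiated SSO the requesting SP identifies itself in the `Issuer` element of the AuthnRequest, so a generic IdP-side check can read that entity ID and compare it against a per-SP AD group. The entity IDs, group DNs, size cap and function names below are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated request size (assumed limit)

# Constructed placeholders: SP entity ID -> AD group DN required for that app.
SP_GROUP = {
    "https://webex.example/sp": "CN=SAML-Webex,OU=Groups,DC=example,DC=com",
    "https://box.example/sp": "CN=SAML-Box,OU=Groups,DC=example,DC=com",
    "https://salesforce.example/sp": "CN=SAML-Salesforce,OU=Groups,DC=example,DC=com",
}

def sample_request(entity_id):
    """Build a constructed AuthnRequest, encoded as the HTTP-Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           'Version="2.0" IssueInstant="2013-10-17T00:00:00Z">'
           f'<saml:Issuer>{entity_id}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def sp_entity_id(saml_request):
    """Return the Issuer (the SP's entity ID) of a SAMLRequest value."""
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(saml_request), MAX_XML)
    # Refuse inflation bombs and DTDs before handing the bytes to the XML parser.
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present")
    issuer = ET.fromstring(xml).find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.text.strip()

def authorize(saml_request, user_groups):
    """Return (entity_id, allowed); unknown SPs and non-members are denied."""
    entity_id = sp_entity_id(saml_request)
    required = SP_GROUP.get(entity_id)
    member_of = {g.lower() for g in user_groups}
    return entity_id, required is not None and required.lower() in member_of
```

The Issuer of an unsigned AuthnRequest is not authenticated, so this check only decides whether an assertion is issued; the assertion must still be sent only to the ACS URL registered for that entity ID.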