Forum Discussion

kj07208_118528's avatar
kj07208_118528
Icon for Cirrus rankCirrus
Oct 16, 2013

SAML IdP - Can you have one APM support multiple SAML IdPs?

We have setup one vip and one APM that we want to use for all SAAS logins. We are currently federating with about four saas cloud vendors (Salesforce, box, and others). I don't want to create mult...
BIG-IP Access Policy Manager (APM)
f5 apm
idp
saml
security
  • travis99_94012's avatar
    travis99_94012
    Oct 17, 2013

    Yes, you can have multiple IdPs setup for one virtual server. We have 3 right now. In the access policy, after authentication, I have one webtop and the 3 SAML resources. Works just fine SP initiated.

     

Thrillseeker_12's avatar
Thrillseeker_12
Icon for Cirrus rankCirrus

Hi all,

 

I managed for my SP-initiated setup to assign the SAML SSO-Resource over the Webtop. Works great, but only for one specific IDP config. The question no is, how can I distinguish the different SP's and assigning different SAML SSO Resources via Webtop (single IDP VIP)? I tried with condition Landing-URI but of course this URI is always the same for all SAML communication.

 

Any ideas?

 

Thanks Thrillseeker

 

Sergi_Munyoz_24's avatar
Sergi_Munyoz_24
Icon for Nimbostratus rankNimbostratus
Jun 08, 2017

Hi. As far as I can remember you must create as many idp services as sp's you have , and link one to one, no matter idp services are equal. Then create equivalent SAML resources and assign them on vpe with the desired condition (not on SSO part of the access policy). Idp or sp initiated it must work

 

Hope this helps