OK, solved this on my own :)
APM reports are pretty tight with useful information, however APM logs available in /var/log/apm give an abundance of information.
In my case, these were the hurdles to jump when getting BigIP IdP to play with ADFS 3.0 SP:
1) BigIP External SP Connector:
Security Settings / Authentication Request sent to this device by SP / Will be signed: NO
Security Settings / Assertion sent to SP by this device: Must be signed, or must be encrypted, or both.
Certificate settings: use ADFS Token Decrtyption/Encryption certificate
Endpoint Settings / Relay state needs to be filled. https:///adfs/ls/
2) BigIP IdP service - add a UPN claim. ADFS requires it, else it will refuse to work.
3) ADFS Claims Provider trust (advanced): use SHA 1 algorithm for hashing
Hope this helps anybody else on this path...
Regards,
Z