Forum Discussion
CDG
Nimbostratus
NimbostratusSAML IDP - multiple SP
Im trying to bind two SP on same IdP.but I get the following error.
MCP Error01070734:3: Configuration error: When saml_sso_config (/Common/IdP) object is assigned to saml_resource (/Common/SAML...
Michael_Koyfma1
Cirrus
CirrusWhat exactly is the scenario you are trying to achieve? Can you please describe? You can't bind multiple SP connectors to one IDP connector if you are configuring a scenario where IDP-initiated connections are possible. Please share a bit more about the scenario and you'll get the best on advice on how to implement it.
CDGOur SAML scenario is for both IdP and SP initated connections We have to do a SAML auth to our partner for two env. Staging and production. Staging is configured as this and I would like to use the same IdP for production. -Vitual server -Access Policy with advance ressource assignment Saml ressource and Webtop -iRule for NTLM auth from internal network -iRule for detection of an SP intiated (not sending redirect) or IdP initiated (sending redirect)- Michael_Koyfma1You would have to duplicate the IDP configration then - it could be completely identical in everything except the actual config object name - so like IDP_prod and IDP-staging. Then you'd be able to bind each separately to the respective SP connector and use them to publish on the webtop
- CDGDone this. but no luck... If I assigned 2 saml resource on the same webtop. Now I get ..../vdesk/hangup.php3 Can you help to modify the redirect iRule? Redirect iRules when ACCESS_POLICY_COMPLETED { if { [ACCESS::session data get session.server.landinguri] == "/saml/idp/profile/redirectorpost/sso" } { log local0. "SP initiated SAML detected, not sending redirect" } else { ACCESS::respond 302 Location "/saml/idp/res?id=[ACCESS::session data get session.assigned.resources.saml]" log local0. "IDP initiated SAML detected, sending redirect" } }
