SAML IDP-initiated without webtop
same hostname based on the F5 guide for setting up SP and IDP SAML, but the entity for each is different, resulting in different URLs. For example: https://sso.example.com/SPinitiated and https://sso.example.com/IDPinitiated
So in my case I would either have to identify them by the URL or go back and define separate hostnames, it sounds like. I have seen several posts on this and most use an iRule to send it one way or the other, but something like below did not work for me either. I'm starting to wonder if the URL I am using to access the IDP-initiated service is wrong. Shouldn't https://sso.example.com/IDPinitiated be able to get me to the IDP resource?
    when ACCESS_POLICY_COMPLETED {
        # Landing URI equal to the IdP SSO endpoint: treated as SP-initiated
        if { [ACCESS::session data get session.server.landinguri] == "/saml/idp/profile/redirectorpost/sso" } {
            log local0. "SP initiated SAML detected, not sending redirect"
        } else {
            # Any other landing URI: redirect to the assigned SAML resource
            ACCESS::respond 302 Location "/saml/idp/res?id=[ACCESS::session data get session.assigned.resources.saml]"
            log local0. "IDP initiated SAML detected, sending redirect"
        }
    }