SAML question - IdP initiated

Question

Hi all,&nbsp;
I am currently creating an iDP on the F5 and connected a SP (which is working perfectly). Furthermore I created a Webtop and assigned the SAML resource which is also working fine for one connected SP.&nbsp;
Now I tried to connect an additional SP to the same iDP, but when I try to create the binding I receive the following error message:&nbsp;
MCP Error01070734:3: Configuration error: When saml_sso_config object is assigned to saml_resource,it can only have one sp_connector object associated with it.&nbsp;
Any ideas on that?&nbsp;
Thx in advance for your support&nbsp;

travis99_94012 · Answer

You need a new IdP setup for each SP. You can have multiple setup with the same Entity ID, we do. &nbsp;

dietmar_moltner · Answer

Ok, thx for clarification.&nbsp;
So this also means that I can assign multiple SAML resources to one virtual which acts as one externally facing iDP for the SAML handshake? Our target is to have one virtual acting as iDP for multipe SAML cloud services &nbsp;

travis99_94012 · Answer

Yes, you can have multiple for one virtual, I have tested 3 concurrent on one VIP and I plan on adding more.  &nbsp;

ian_wijaya · Answer

Hi Bro, &nbsp;
How did you achieve this ? 
I've tried creating a new IDP for each SP. 
idp1 -&gt; sp1 ,
idp2  -&gt; sp2 ,
idp1 and idp2 use the same setting, but when I tried accessing sp2.blablabla.com it redirects me to idp, and after login, I get redirected to sp1.blablabla.com . &nbsp;
Any idea ? &nbsp;
Thanks&nbsp;

ian_wijaya · Answer

Hi, &nbsp;
I forgot to change AAA server in SAML Auth (VPE) to new SAML SP. 
Now it works. &nbsp;
Thanks ! &nbsp;
Ian Wijaya&nbsp;

Forum Discussion

SAML question - IdP initiated

Recent Discussions

APM webtop customization header message

Installing a PKCS 12 File onto an F5 Device

Irule to allow specific IPs

Uploading SKCS 12 File to F5 Device

F5 not Identifying Parameter in Text/Plain Upload

Related Content

Proxy Protocol v2 Initiator

Proxy Protocol Initiator

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

IdP Discovery for IdP Initiated SAML

Enable SAML Service Provider on F5 Distributed Cloud Application