Forum Discussion
NimbostratusSAML question - IdP initiated
Hi all,
I am currently creating an iDP on the F5 and connected a SP (which is working perfectly). Furthermore I created a Webtop and assigned the SAML resource which is also working fine for one connected SP.
Now I tried to connect an additional SP to the same iDP, but when I try to create the binding I receive the following error message:
MCP Error01070734:3: Configuration error: When saml_sso_config object is assigned to saml_resource,it can only have one sp_connector object associated with it.
Any ideas on that?
Thx in advance for your support
5 Replies
travis99_94012Cirrus
You need a new IdP setup for each SP. You can have multiple setup with the same Entity ID, we do.
Dietmar_MoltnerOk, thx for clarification.
So this also means that I can assign multiple SAML resources to one virtual which acts as one externally facing iDP for the SAML handshake? Our target is to have one virtual acting as iDP for multipe SAML cloud services
- travis99_94012
Yes, you can have multiple for one virtual, I have tested 3 concurrent on one VIP and I plan on adding more.
- ian_wijaya
Hi Bro,
How did you achieve this ? I've tried creating a new IDP for each SP. idp1 -> sp1 , idp2 -> sp2 , idp1 and idp2 use the same setting, but when I tried accessing sp2.blablabla.com it redirects me to idp, and after login, I get redirected to sp1.blablabla.com .
Any idea ?
Thanks
- ian_wijaya
Hi,
I forgot to change AAA server in SAML Auth (VPE) to new SAML SP. Now it works.
Thanks !
Ian Wijaya
