Forum Discussion
SAML SSO Without a Webtop
I did get it to work. One thing to be aware of is that the webtop does not allow cookie persistence, so if you want to avoid signing into your IdP when the SP session expires, this is not an option for IdP-initiated SSO.
So basically, create your webtop, and in your access policy, just before the allow event, add an Advanced Resource Assign and assign the webtop to the access policy. Then you will find that after logon you should get the webtop with the SAML resource(s) you published to the webtop.
Click on one of the links and this should take you through to your cloud service. Note that this link will be similar to Michael Kofman's example above, which you simply add to an iRule, which means the user will never actually see the webtop but go straight to the service provider.
Let me know how it pans out.
- Micah_Haarbrink, Feb 12, 2014
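The redirect step described in the post above, written out as an added iRule example (not Michael Kofman's iRule and not code from the thread): once the access policy ends in allow, the user is sent straight to the SAML resource link that the webtop would otherwise display, so the webtop page is never shown. The resource name `/Common/example_sp` and the `/saml/idp/res?id=` link path are assumptions; copy the actual link target from your own webtop.

```tcl
# Added example iRule for F5 APM, not from the original thread.
# Fires after the access policy finishes evaluating for this session.
when ACCESS_POLICY_COMPLETED {
    # Only redirect sessions that actually reached the Allow ending;
    # denied sessions keep APM's normal deny handling.
    if { [ACCESS::policy result] equals "allow" } {
        # Placeholder: replace with the SAML resource link copied from your
        # webtop (the id is the full path of the SAML IdP resource object).
        ACCESS::respond 302 noserver Location "/saml/idp/res?id=/Common/example_sp"
    }
}
```

Attach the iRule to the virtual server that carries the access profile; the webtop and Advanced Resource Assign from the post are still required so that the SAML resource is assigned to the session before the redirect.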
Is there something about the webtop that is required for IdP-initiated sessions? I have a couple of SP-initiated SAML configs that work fine without a webtop. The only iRule I use for them is to establish the persistence of the cookie. They are basically "logon page -> AD auth -> Allow". You hit the service provider's login page (a custom login page for us, obviously), it kicks back to the F5, the F5 allows, and the SAML exchange sends it back through to the service provider and we're in. I assumed that if I set up an access policy to just "logon page -> AD auth -> Allow", the settings from the Service Provider that is bound to the IdP would get used and send me into the site in a similar manner (hit my own login page on the F5, authenticate, SAML settings tell it to go to the SP, which gets the POST that says the session is good). So is there something about the webtop that is required, such that I have to land on the webtop first and then the F5 does something additional when it sends me through to the SP?
- AJ_01_135899, Mar 03, 2014
Very curious whether people have gotten the non-webtop config working. Having to use the webtop as part of an IdP-initiated SAML SSO is a pretty glaring deficiency in user experience, in my opinion. I'll give the iRule a shot tomorrow and let everyone know how it works out.
- AJ_01_135899, Mar 04, 2014
I can verify that the iRule listed above works great. The whole concept of the webtop is a little strange to me - considering how a single SSO profile is associated with a single webtop, I just can't see the point.