F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Julio_Navarro's avatar
Julio_Navarro
Icon for Cirrostratus rankCirrostratus
Jul 14, 2014

Using APM as a SAML IdP no SSO portal

Hello;   I was able to configure the LTM as a Identity Provider (IdP) so my users will go to a website (for example : assist.mydomain.com) where is hosted the Application Policy/VIP on my LTM. If ...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 14, 2014

What you have now is considered an "IdP-initiated" config. The user logs onto the webtop, and the various links generate a SAML assertions to their respective SPs. The opposite of this is an "SP-initiated" config, where the user goes to the SP first, which redirects to the IdP for authentication, and then back to the SP with the assertion. The configuration of this is very similar to what you already have, except instead of assigning the IdP profile to a SAML resource, you simply assign the IdP profile as an SSO to the primary access policy itself (with no webtop).