Forum Discussion
ecohler
Nimbostratus
NimbostratusUsing F5 as a Service Provider with Okta IdP
I've read part 1 and 2 of this article for how to connect F5 as a service provider to Okta: Secure Access to Web Applications with F5 and Okta... - DevCentral However, it doesn't provide instructio...
Hi ecohler,
So in this case the Audience URI and the Single sign on URL would be based on the DNS hostname for the VIP your access policy is attached to, meaning: the way that Okta would communicate with the SP and what appears in your browser.
In the BIG-IP interface, the Audience URI is the same as the Entity ID field from the SAML SP Service editor, in the General Settings section.
The Single Sign-on URL is a combination of the Audience URI, followed by the URL path /saml/sp/profile/post/acs. This is also called the Assertion Consumer Service URL. The path should always be the same, but the hostname would change for each unique service provider/application. Example: https://sp.example.com/saml/sp/profile/post/acs.
In the linked guide you can see in the example that their Audience (SP Entity ID) is https://app.f5sec.net, and the Single Sign-on URL is https://app.f5sec.net/saml/sp/profile/post/acs.
Hope this helps,
Josh