Graham_Alderso1's avatar
Graham_Alderso1
Ret. Employee
Aug 29, 2017

Juan,

 

You're in luck, that is already default behavior! In SP initiated the user is sent directly back to the SP with the assertion following policy completion (authentication), they do not see a webtop. It knows what SAML resource to use because it can match the incoming SP initiated authentication request up to the assigned SAML resources.

 

If you see a webtop when attempting SP initiated, but IdP initiated auth works when the user clicks the webtop link, then there is a misconfiguration at the SP. It's not the IdP configuration because it can successfully perform IdP initiated auth. The SP misconfiguration results in F5 not identifying the request as SP initiated authentication request, so it just shows the webtop. The most common cause is the SP is not redirecting the user to the correct URI (/saml/idp/profile/redirectorpost/sso) or the SAML AuthN request is malformed/not present.