Now if in the Identity Aware Proxy Configuration, in the very first tab "Config Properties" I enable Webtop :
(A few adjustments are needed in "Contextual Access") I am no longer able to access App1, 2 and 3. Only the webtop is available at f5-iap-auth.example.com when trying to connect App1 (by cliquing the link in webtop or directly typing URL in browser) I get caught in an infinite redirect loop between IDP and f5-iap-auth.example.com.
Note : I also tried the same configuration replacing SAML with ActiveDirectory AAA and have the same issue.
In APM logs I can see " Session deleted (restarted). " Between each loop.