BIGIP how to handle multiple IDP each with multiple external SP
Hi
So let's say on-prem I have an MS AD domain and also an LDAP DB with different usernames/passwords
idp-msad
idp-ldap
The URIs might be
/idp/idp-msad
/idp/idp-ldap
and I have a few SPs, say SAAS-a, SAAS-b, SAAS-c and SAAS-d.
Now I want to auth MS AD users to SAAS-a & SAAS-b
and LDAP DB users to SAAS-c & SAAS-d.
I would like to do this through 1 VS, saml.example.com
So I don't think I can do this, as the landing URI is
/saml/idp/profile/redirectorpost/sso
Can I instead make the landing page
/idp/idp-msad
When I have done that, it auths and fails, as nothing is behind /idp/idp-msad, but I just thought, maybe I need to then redirect to /saml/idp/profile/redirectorpost/sso with the same parameters.
That way I can set up my Access profile so that for a landing URL of /idp/idp-msad I can do the right tests, i.e. log on via MS AD.
But how do I test whether it's SAAS-a or SAAS-b?
same with
/saml/idp/profile/redirectorpost/sso
How do I know who called it? SAAS-a or b or c or d?
Then once I have that going, how do I integrate it into multidomain SSO?
I have a login location of auth.example.com
When I set the APM for saml.example.com to global multidomain and SSO linked to auth.example.com, it never triggers the SAML assign resource.
I guess I could move to pre-request and look at the URI and then do a test, but again, for which SAAS?
I don't think it's possible with the F5, sigh
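
Added example, not part of the original post and not BIG-IP APM configuration: in SAML generally, an SP-initiated AuthnRequest arriving at /saml/idp/profile/redirectorpost/sso names its sender in the Issuer element, so the calling SP can be read from the SAMLRequest parameter and mapped to a directory. The entity IDs and the SP_TO_IDP table are constructed assumptions; Issuer is sender-supplied, so treat it as a routing hint unless the request signature is verified, and deny unknown values.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SSO_URL = "https://saml.example.com/saml/idp/profile/redirectorpost/sso"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap inflated size so a tiny request cannot expand without bound

# Constructed entity IDs (assumption): map each SP's Issuer to the directory that serves it.
SP_TO_IDP = {
    "https://saas-a.example.net/sp": "idp-msad",
    "https://saas-b.example.net/sp": "idp-msad",
    "https://saas-c.example.net/sp": "idp-ldap",
    "https://saas-d.example.net/sp": "idp-ldap",
}

def issuer_from_url(url):
    """Return the SP entity ID from a redirect-binding SAMLRequest, or None."""
    raw = parse_qs(urlparse(url).query).get("SAMLRequest", [None])[0]
    if raw is None:
        return None
    try:
        # HTTP-Redirect binding: base64 over raw DEFLATE (no zlib header), hence wbits -15.
        xml = zlib.decompressobj(-15).decompress(base64.b64decode(raw), MAX_XML)
        issuer = ET.fromstring(xml).find("saml:Issuer", NS)
    except (ValueError, zlib.error, ET.ParseError):
        return None
    return issuer.text.strip() if issuer is not None and issuer.text else None

def choose_idp(url):
    """Pick the IdP for a request; None means unknown SP and should be denied."""
    return SP_TO_IDP.get(issuer_from_url(url))

def sample_url(entity_id):
    """Constructed AuthnRequest, encoded the way an SP sends it on the redirect binding."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>' % entity_id)
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml.encode()) + c.flush()
    return SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

if __name__ == "__main__":
    for sp in ("saas-a", "saas-c", "unknown"):
        print(sp, "->", choose_idp(sample_url("https://%s.example.net/sp" % sp)))
```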