
Federation SP SAML with connector automation, Azure as Idp

Ed_Martens
Cirrus

Hello,

I'm trying to set up connector automation for a customer where the BigIP is the SAML SP provider, and Azure as IdP.

All is fine, everything is created and authentication is working.

However, after every "Frequency", the checksum is different and the External IdP Connector is being recreated. And therefore the Access Policy needs to be applied.

When the Azure App Federation Metadata file is downloaded by a browser, the file is never the same.

The "EntityDescriptor ID" changes with every download. And therefore also the checksum.

So is the IdP Connector automation an option when Azure is IdP?
Am I doing something wrong?

I've tested with 15.1 and 16.1, but no different behaviour

Thanks in advance

3 REPLIES

Leslie_Hubertus
Community Manager

Hi @Ed_Martens, I've forwarded your question to some colleagues for their assistance, but hopefully someone from the community can reply in the meantime!

Matt_Dierick
F5 Employee

Hi Ed,

You're right, the ID changes from AAD. If you want to automate, I would say to use the Guided Config (I think you can automate it since version v16), so that you don't have to look after the rotations. For every new app, create a new Guided Config setup.

I don't see any other option.

Hi Matthieu,

Thanks for the response.

We have tested the Guided Config.

However we don't "own" the AAD. We are only the SP.
IdP is a third-party Azure AD.

Or am I using the GC wrong?

Thanks
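
Added example, not part of the thread and not F5 or Microsoft code: the behaviour described in the question (a whole-file checksum that changes on every download because the `EntityDescriptor ID` changes) can be checked outside the BIG-IP by hashing only the trust-relevant metadata fields. The function names and the sample documents are constructed for illustration, and the presence of a signature over the changing `ID` is an assumption about the metadata layout.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def stable_fingerprint(metadata_xml: str) -> str:
    """SHA-256 over entityID, certificates and endpoints only.

    Skips the per-download EntityDescriptor ID and any signature over it.
    Does NOT verify the metadata signature; that is a separate check.
    """
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata never needs a DTD
        raise ValueError("DOCTYPE not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    fields = ["entityID=" + root.get("entityID", "")]
    for kd in idp.findall("md:KeyDescriptor", NS):
        for cert in kd.findall(".//ds:X509Certificate", NS):
            body = "".join((cert.text or "").split())  # ignore line wrapping
            fields.append(f"cert[{kd.get('use', 'any')}]={body}")
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for ep in idp.findall(f"md:{tag}", NS):
            fields.append(f"{tag}|{ep.get('Binding')}|{ep.get('Location')}")
    return hashlib.sha256("\n".join(sorted(fields)).encode()).hexdigest()

def sample_metadata(doc_id: str, cert: str) -> str:
    # Constructed sample shaped like IdP metadata; every value is a placeholder.
    return f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  ID="{doc_id}" entityID="https://idp.example/tenant-placeholder/">
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignatureValue>sig-over-{doc_id}</SignatureValue></Signature>
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{cert}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example/tenant-placeholder/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    first = sample_metadata("_aaa111", "MIIC-CONSTRUCTED-A")
    second = sample_metadata("_bbb222", "MIIC-CONSTRUCTED-A")   # new ID only
    rotated = sample_metadata("_ccc333", "MIIC-CONSTRUCTED-B")  # new certificate
    print("same download-to-download:", stable_fingerprint(first) == stable_fingerprint(second))
    print("same after cert rotation:", stable_fingerprint(first) == stable_fingerprint(rotated))
```

A changed fingerprint points to a material change such as a certificate rotation or a moved endpoint, while a changed raw checksum with an unchanged fingerprint is only the volatile `ID` and signature.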