So.. I've set up an SP in APM. The SP is configured to use POST binding.
But we have an issue with ADFS, as the metadata we export for the SP contains both POST and Redirect.. the clients use Redirect.. and both POST and Redirect are present as endpoints in ADFS.
Is it standard for the metadata to contain both or is that a piece of config we missed?
At the moment we've manually removed the redirect part of the XML to solve it, but it would be nice to know if it's a configuration mistake or if it's default behaviour.
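The manual edit described above, as a repeatable script (an added example, not part of the original post and not F5 tooling). The sample metadata, entity ID and URLs are constructed, and which endpoint elements carry the Redirect binding is an assumption; the script refuses to touch signed metadata or to remove an endpoint that has no HTTP-POST counterpart.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata (placeholder entity ID and URLs, not real APM output).
SAMPLE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sp.example.test">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="{POST}" Location="https://sp.example.test/slo"/>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://sp.example.test/slo"/>
    <AssertionConsumerService Binding="{POST}" Location="https://sp.example.test/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def strip_redirect(metadata_xml):
    """Return (new_xml, removed): SP metadata without HTTP-Redirect endpoints."""
    ET.register_namespace("md", MD)
    root = ET.fromstring(metadata_xml)
    # Editing signed metadata invalidates its signature, so stop and let the
    # operator re-sign or export unsigned metadata instead.
    if root.find(f".//{{{DS}}}Signature") is not None:
        raise ValueError("metadata is signed; re-sign after editing")
    removed = []
    for sp in root.iter(f"{{{MD}}}SPSSODescriptor"):
        for ep in list(sp):
            if ep.get("Binding") != REDIRECT:
                continue
            # Only drop a Redirect endpoint when the same service also has POST.
            has_post = any(e.tag == ep.tag and e.get("Binding") == POST for e in sp)
            if not has_post:
                raise ValueError(f"{ep.tag} has no HTTP-POST alternative")
            sp.remove(ep)
            removed.append((ep.tag.split("}")[1], ep.get("Location")))
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    new_xml, removed = strip_redirect(SAMPLE)
    print("removed:", removed)
    print(new_xml)
```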
Thanks, will do. We've hit this bug (https://cdn.f5.com/product/bugtracker/ID935193.html), and the workaround states that you should configure POST instead of redirect.. but as both are present that doesn't change anything from the clients' perspective.
But are both always present in the metadata?
I don't think so (or I have misunderstood your request ;)). I understood you want to have more control over the metadata the BigIP is generating. If so, this has nothing to do with this bug. Metadata is used just once, when we create the SAML object or entity. Once the SAML object is created, by importing the metadata, we can still update the config to get over some difficulty, such as the bug you mention.
"But are both always present in the metadata?": yes.