SAML question - IdP initiated

Question

Hi all,&nbsp;
I am currently creating an iDP on the F5 and connected a SP (which is working perfectly). Furthermore I created a Webtop and assigned the SAML resource which is also working fine for one connected SP.&nbsp;
Now I tried to connect an additional SP to the same iDP, but when I try to create the binding I receive the following error message:&nbsp;
MCP Error01070734:3: Configuration error: When saml_sso_config object is assigned to saml_resource,it can only have one sp_connector object associated with it.&nbsp;
Any ideas on that?&nbsp;
Thx in advance for your support&nbsp;

travis99_94012 · Answer

You need a new IdP setup for each SP. You can have multiple setup with the same Entity ID, we do. &nbsp;

dietmar_moltner · Answer

Ok, thx for clarification.&nbsp;
So this also means that I can assign multiple SAML resources to one virtual which acts as one externally facing iDP for the SAML handshake? Our target is to have one virtual acting as iDP for multipe SAML cloud services &nbsp;

travis99_94012 · Answer

Yes, you can have multiple for one virtual, I have tested 3 concurrent on one VIP and I plan on adding more.  &nbsp;

ian_wijaya · Answer

Hi Bro, &nbsp;
How did you achieve this ? 
I've tried creating a new IDP for each SP. 
idp1 -&gt; sp1 ,
idp2  -&gt; sp2 ,
idp1 and idp2 use the same setting, but when I tried accessing sp2.blablabla.com it redirects me to idp, and after login, I get redirected to sp1.blablabla.com . &nbsp;
Any idea ? &nbsp;
Thanks&nbsp;

ian_wijaya · Answer

Hi, &nbsp;
I forgot to change AAA server in SAML Auth (VPE) to new SAML SP. 
Now it works. &nbsp;
Thanks ! &nbsp;
Ian Wijaya&nbsp;

Forum Discussion

SAML question - IdP initiated

5 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Proxy Protocol Initiator

IdP Discovery for IdP Initiated SAML

Enable SAML Service Provider on F5 Distributed Cloud Application

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request