Forum Discussion
Hi Alex,
Normally this behaviour is configured using the Entity ID and ACS (Assertion Consumer Service) under the External SP Connector (Access ›› Federation : SAML Identity Provider : External SP Connectors). By linking (binding) up the SP connectors with the relevant Local IdP service, you can select if you want to use the AD or the LDAP config.
The SP (in your case SAAS-a, SAAS-b etc) will send their unique identifier across to the F5, which will then select the correct SP to use, based on the Entity ID and ACS, and then select the correct IdP config based on its bindings and it should be working! With this, you don't have to worry about multiple domain names or VSes for the selection process. Large-scale services use the same trick to identify whose database they need to query when auth requests come in.
Hope this helps.
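The selection logic described in the reply above, as an added Python sketch that is not part of the original post and is not F5 code. The connector table, the SaaS URLs and the `idp_ad` / `idp_ldap` service names are constructed for illustration; the request is an HTTP-Redirect-encoded SAML AuthnRequest.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed table: SP Entity ID -> registered ACS URL and the bound IdP service.
SP_CONNECTORS = {
    "https://saas-a.example/saml/metadata":
        {"acs": "https://saas-a.example/saml/acs", "idp_service": "idp_ad"},
    "https://saas-b.example/saml/metadata":
        {"acs": "https://saas-b.example/saml/acs", "idp_service": "idp_ldap"},
}
MAX_XML = 64 * 1024  # cap on inflated size so a crafted request cannot exhaust memory


def encode_redirect(xml_text):
    """Raw-deflate then base64, as the HTTP-Redirect binding does (sample data only)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()


def sample_request(issuer, acs):
    """Build a constructed, unsigned AuthnRequest for the demo."""
    return encode_redirect(
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_constructed1" Version="2.0" AssertionConsumerServiceURL="{acs}">'
        f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')


def select_idp_service(saml_request):
    """Pick the SP connector by Entity ID, check the ACS, return the bound IdP service."""
    d = zlib.decompressobj(-15)
    xml_bytes = d.decompress(base64.b64decode(saml_request), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("AuthnRequest too large")
    root = ET.fromstring(xml_bytes)
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    connector = SP_CONNECTORS.get(issuer)
    if connector is None:
        raise LookupError(f"no SP connector for Entity ID {issuer!r}")
    acs = root.get("AssertionConsumerServiceURL")
    # The assertion must only ever go to the ACS registered for this SP.
    if acs is not None and acs != connector["acs"]:
        raise ValueError("ACS URL does not match the registered connector")
    return connector["idp_service"]


if __name__ == "__main__":
    for eid, conn in SP_CONNECTORS.items():
        print(eid, "->", select_idp_service(sample_request(eid, conn["acs"])))
```
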