Lab 1.2: Create an External SP Connector¶
Now that we have the Identity Provider configured, we need to configure the BIG-IP so it is aware of the Service Provider (the SaaS application). We do this by defining an External SP Connector using the metadata provided by the SaaS application, importing it into the BIG-IP, and setting the appropriate cryptographic controls.
Task 1 - Obtain the SAML Service Provider Metadata¶
In a common deployment the metadata is provided by the application. This lab is no different, but the access method will vary. Follow the listed steps below to obtain the necessary XML file.
- Open a browser and nagivate to https://app.f5demo.com/metadata.xml
- Save the file as
app.f5demo.com.xml
Task 2 - Create an External SP Connector¶
In this task we will create the External SP Connector object.
Navigate to
Click on the triangle on the right side of the Create button and select From Metadata
Enter the following information:
Property Value Select File app.f5demo.com.xml Service Provider Name app.f5demo.com 
Click the OK button
Task 3 - Modify the SP Connector Settings¶
Finally, for security purposes, we’ll configure the External SP Connector object to require that resposes are cryptographically signed. This prevents an attacker from manipulating the response and potentially gaining unauthorized access.
Click the checkbox next to app.f5demo.com and click the Edit button
Modify the following Security Settings:
Property Value Response must be signed checked 
Click the OK button.