Big-IP as IDP with Salesforce.com - Configuration help?
I'm brand new to SSO and I'm trying to configure our Big-IP as an IDP and Salesforce as the SP using SAML 2.0. Logins will be SP Initiated since most users go straight to Salesforce.
I've searched the internets for anything relating to configuration for these two in this sort of configuration. I know it's supported, but I can't seem to get it to work. Most of the documentation is very generic, or mentions Big-IP as the SP and SFDC as the IDP.
As of right now, I have SFDC sending assertions to the F5. I can get a tcpdump and see traffic coming in on my VS that's assigned to the access policy. However, when I look at /var/log/apm, there is nothing there. I have all logging set to debug, but nothing is logged during the SSO attempt, just the background process logs (nothing noting ssov2).
Does anyone have an example of what they've done? I'd love to pay someone to come in and do this for us, but management would rather have me working on it to save the money.
Also, this may be due to the fact that I'm using a wildcard cert for the IDP. Does anyone know if SFDC rejects wildcard certs?
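A check worth doing before going further with the APM logs: pull the SAMLRequest parameter out of the request that Salesforce redirects the browser to on the IdP virtual server (it is visible in the tcpdump capture or in the browser's network tab) and decode it, so you can see exactly which Destination, Issuer and AssertionConsumerServiceURL the SP is asking the BIG-IP to act on. This is an added example, not code from the original post or from F5/Salesforce. The hostnames, org ID and request ID in the sample are constructed placeholders; the encoding rules (raw DEFLATE + base64 + URL encoding for the HTTP-Redirect binding, base64 only for HTTP-POST) are those of the SAML 2.0 bindings specification.

```python
"""Decode a SAML 2.0 AuthnRequest captured on the IdP virtual server.

Takes the SAMLRequest value an SP (here Salesforce) sends to the IdP
(BIG-IP APM) in an SP-initiated flow and summarizes what the IdP is being
asked to do. Supports the HTTP-Redirect binding (DEFLATE + base64 + URL
encoding) and the HTTP-POST binding (base64 only).
"""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML from a base64 SAMLRequest value.

    Tries the Redirect binding first (raw DEFLATE, no zlib header, wbits=-15);
    if that fails or does not yield XML, treat it as the POST binding.
    """
    raw = base64.b64decode(value)
    try:
        inflated = zlib.decompress(raw, -15)
        if inflated.lstrip().startswith(b"<"):
            return inflated
    except zlib.error:
        pass
    return raw


def summarize_authn_request(xml_bytes: bytes) -> dict:
    """Extract the fields the IdP matches against its SP connector config."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}AuthnRequest":
        raise ValueError(f"not a samlp:AuthnRequest: {root.tag}")
    issuer = root.find("saml:Issuer", NS)
    return {
        "id": root.get("ID"),
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "binding": root.get("ProtocolBinding"),
    }


def summarize_from_url(url: str) -> dict:
    """Summarize the AuthnRequest carried in a Redirect-binding URL."""
    qs = parse_qs(urlparse(url).query)  # parse_qs also URL-decodes the value
    if "SAMLRequest" not in qs:
        raise ValueError("no SAMLRequest parameter in query string")
    return summarize_authn_request(decode_saml_request(qs["SAMLRequest"][0]))


# Constructed sample request. Hostnames, org ID and request ID are placeholders,
# not real Salesforce or F5 values.
SAMPLE_AUTHN_REQUEST = b"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2013-01-01T00:00:00Z"
    Destination="https://sso.example.com/saml/idp/sso"
    AssertionConsumerServiceURL="https://example.my.salesforce.com?so=00Dxx0000000001"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://example.my.salesforce.com</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_binding(xml_bytes: bytes) -> str:
    """Encode XML as the SP would for the HTTP-Redirect binding."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = co.compress(xml_bytes) + co.flush()
    return base64.b64encode(deflated).decode("ascii")


def encode_post_binding(xml_bytes: bytes) -> str:
    """Encode XML as the SP would for the HTTP-POST binding (base64 only)."""
    return base64.b64encode(xml_bytes).decode("ascii")


def build_sample_redirect_url() -> str:
    """Build the kind of URL the SP redirects the browser to at the IdP."""
    q = urlencode({"SAMLRequest": encode_redirect_binding(SAMPLE_AUTHN_REQUEST),
                   "RelayState": "/home"})
    return "https://sso.example.com/saml/idp/sso?" + q


if __name__ == "__main__":
    for key, val in summarize_from_url(build_sample_redirect_url()).items():
        print(f"{key:12} {val}")
```

Point `summarize_from_url` at the real redirect URL from your capture (or feed the raw SAMLRequest string from a POST body to `decode_saml_request`) and compare the printed Destination and Issuer with the SSO URL and SP entity ID configured on the BIG-IP; any mismatch there is something to rule out before assuming the logging itself is at fault.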