Hi,
if I understand your question correctly, then you want to use the BIG-IP as SAML SP, correct? A SAML SP APM profile doesn't need a logon page. That wouldn't make any sense at all. You need to import the IdP metadata as "external IdP connector" into the BIG-IP SAML Service Provider and assign the connector to your configured SP.
The import of the IdP certificate(s) (public key) is necessary, especially to establish the trust for the signature of the assertion. Additionally you need to provide the Signing (and Encryption) certificate to the IdP.
Unfortunately there is not a single documentation available, that helped me initially to get everything working correctly. I was struggling with the configuration for several days, consuming almost every documentation I could find. I've ended up having a bunch of documents, describing single parts in a better or more understandable way than other (or especially the official documentation). The deployment guides are very helpful as well.
Maybe you can provide some more information, to make things more clear. There are differences between the TMOS versions for the configuration (paths) of SAML.