You're almost there. Here is what you need to do in terms of iRules. The gist is that you need to name your IDP resource and redirect to the proper webtop resource. You can try to automate it like you did to dynamically populate the respond string, or you can define them statically in the switch statement; that way you can have a more user-friendly setup, I believe. Keep in mind that in this case we assume you use the Common partition (thus the /Common/IDPResourceName reference; substitute that for what your resource is really defined as).
```tcl
# Redirect to the SAML IdP resource for users that already have an allowed session
when HTTP_REQUEST priority 30 {
    if { [ACCESS::policy result] eq "allow" } {
        switch -glob [HTTP::path] {
            "/IDPResource" {
                HTTP::respond 302 Location "/saml/idp/res?id=/Common/IDPResourceName"
                return
            }
        }
    }
}

# ACCESS Policy Response used to provide IdP Initiated SAML for users that have not logged in yet
when ACCESS_POLICY_COMPLETED priority 30 {
    switch -glob [ACCESS::session data get session.server.landinguri] {
        "/IDPResource" {
            ACCESS::respond 302 Location "/saml/idp/res?id=/Common/IDPResourceName"
            return
        }
    }
}
```
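The "automate it" option mentioned in the answer, as an added example that is not part of the original post: the path-to-resource mapping moves into a data group, so only listed paths are ever redirected and the `id=` value is never built from the raw request. The data group name `/Common/idp_resource_map` and its contents are assumptions, and the `allow` check in `ACCESS_POLICY_COMPLETED` is an addition to the logic in the post.

```tcl
# Added example. Assumed string data group /Common/idp_resource_map:
#   key   = request path             e.g. /IDPResource
#   value = SAML resource full name  e.g. /Common/IDPResourceName
# A path that is not a key in the data group falls through untouched.

when HTTP_REQUEST priority 30 {
    # User already holds an allowed APM session
    if { [ACCESS::policy result] eq "allow" } {
        # -value returns the mapped resource name, or "" when the path is not listed
        set res [class match -value -- [HTTP::path] equals /Common/idp_resource_map]
        if { $res ne "" } {
            HTTP::respond 302 Location "/saml/idp/res?id=$res"
            return
        }
    }
}

when ACCESS_POLICY_COMPLETED priority 30 {
    # User has just finished the access policy; redirect only on an allow result
    if { [ACCESS::policy result] eq "allow" } {
        # Landing URI is the path the user originally requested before logon
        set landing [ACCESS::session data get session.server.landinguri]
        set res [class match -value -- $landing equals /Common/idp_resource_map]
        if { $res ne "" } {
            ACCESS::respond 302 Location "/saml/idp/res?id=$res"
            return
        }
    }
}
```

Adding another IdP-initiated link then only needs a new record in the data group, with no change to the iRule.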