No, you need 2 connectors: one for internal, one for external. I have 4 for "redundancy" and fun, I can say.
As you say, one with useGatewayAsIDP = N and the other with useGatewayAsIDP = Y is what you need. After that you can add more.
I think you got it right. You need, of course, a cert for the load-balanced URL that you will apply to the connectors, and change the URL in the IdP part. I have also loaded the cert in my load balancer. I use a SAN cert so I can have as many names as I want.
The docs I have been reading mention ticking the box for redirection. I figured out that for me it was working only when that box was unticked. I also had that AD object issue that was blocking Kerberos.
Have a look at the F5 whitepaper even if you don't have the same box. It might also help. There is also another post where someone describes how he did it. It has no replies, so it should be easy to spot.
Seb