Setting up SAML on F5

Has anyone setup Mattermost to use F5 load balancer for SAML?

SSO works when I access from my landing page from the F5, but whenever I attempt to access Mattermost directly via url. I get this message “You do not have permission to access this page. Access to requested SAML resource is denied. Please try again or contact your system administrator for assistance”

We set this as our SAML SSO URL

This is our Identity Provider Issuer

Service Provider Login URL

Service Provider Identifier

{“timestamp”:“2023-01-18 15:03:44.113 Z”,“level”:“debug”,“msg”:“You do not have the appropriate permissions.”,“caller”:“web/context.go:113”,“path”:“/api/v4/analytics/old”,“request_id”:“wmpr86hjr3fj5jfto85yiszz7o”,“ip_addr”:“”,“user_id”:“94ytyy91tiyf8qbyxcp7mokfgr”,“method”:“GET”,“err_where”:“Permissions”,“http_code”:403,“error”:“Permissions: You do not have the appropriate permissions., userId=94ytyy91tiyf8qbyxcp7mokfgr, permission=get_analytics,”}

F5 log

/Common/Application-AccessPolicy:Common:0daf26c6:SAML SSO: Abort reason: Error in decompression callback

Thu Jan 19 19:37:44 UTC 2023 err tmm2[11076] 014d1014 /Common/Application-AccessPolicy:Common:0daf26c6:SAML SSO: Error(16) Unable to find SAML SSO/SP Connector object matching SAML Authn Request
Thu Jan 19 19:37:44 UTC 2023 err dmz-gw1-a.example.local tmm2[11076] 014d1005 /Common/Application-AccessPolicy:Common:0daf26c6:SAML SSO: Error: No SP Connector attached to SAML SSO from assigned SAML resources matching authentication request. If ACS URL is present in authentication request it should match ACS URL from SP Connector. If Issuer is present in authentication request it should match entity_id from SP connector
Thu Jan 19 19:37:44 UTC 2023 debug example-a.example.local tmm2[11076] 014d0501 /Common/Application-AccessPolicy:Common:0daf26c6:IdP configuration /Common/Mattermost does not contain SP connector with Issuer: ACS URL: Protocol binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 0