Thanks Tim, appreciate the information.
I have worked through the guide and its got me very close to a solution. The SAML integration from CPPM is working well, I can manually browse the page and run through the sign in, seeing the application authentication in the logs etc - all good.
However when I then try it by actually connecting to the SSID, I'm getting a SSL Certificate error when its firing me over to the https portal for SAML. Looking at the error, it seems that I'm being presented with the controllers cert CN=securelogin.arubanetworks.com.
I've seen some similar issues in the forum (although nothing specifically SSO/SAML), but in our case we're using a SaaS SAML platform, therefore it would be impossible to use a certificate on the controller which would be valid for this domain. Eg we couldn't just implement a wildcard cert for our domain on the controller because we're being directed to a 3rd party platform for auth.
We've raised a ticket with Aruba support directly, but until then... has anyone got any ideas?