Forum Discussion
APM as SAML SP
- Jan 19, 2015
Sorry for delayed response. I was able to get this working correctly. After talking with my networking guy, we discovered we had an issue in our network setup. Once we corrected our network issue, I was able to set up APM as an SP without issue.
@nland
I am planning to configure (ADFS as IdP and F5 APM as SP). I have APM Policy as
Start -> SAML Auth -> SSO Credential Mapping -> Allow
Deny
I imported XML file from ADFS into External IdP Connectors under SAML-> BIG IP as SP
Local SP Services configured as following:

General Setting
~~~~~~~~~~~~~~~
Name: F5-SP
Entity ID: https://login.example.com
SP Name Settings:
Scheme: https
Host: login.example.com

Endpoint Settings:
~~~~~~~~~~~~~~~~~
Assertion Consumer Service Binding: POST

Security Settings:
Checked "Authentication Request" (certificate and Keys are selected different than ADFS)
Checked: Want Signed Assertion
Unchecked: Want Encrypted Assertion

Advanced Setting:
Unchecked: Force Authentication
Checked: Allow Name-Identifier Creation
Name-Identifier Policy Format: urn:oasis:names:tc:SANL:1.1:nameid-format:WindowsDomainQual...
SP Name-Identifier Qualifier: None
I am getting the following error:

/frontend/F5-SP:frontend:dbad7144: Executed agent '/frontend/F5-SP_act_saml_auth_ag', return value 3
/frontend/F5-SP:frontend:dbad7144: Session variable 'saml./frontend/F5-SP_act_saml_auth_ag.SAMLRequest' set to 'hhhhhhhhhhhhXXXXXX'
/frontend/F5-SP:frontend:dbad7144: SAML Agent: /frontend/F5-SP_act_saml_auth_ag SAML assertion is invalid, error: Assertion status is not successful
/frontend/F5-SP:frontend:dbad7144: Executed agent '/frontend/F5-SP_act_saml_auth_ag', return value 0
/frontend/F5-SP:frontend:dbad7144: Following rule 'fallback' from item 'SAML Auth' to ending 'Deny'
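The log in the post above ends with "Assertion status is not successful". As an added troubleshooting example (not part of the original post, and not F5 or ADFS code), the following reads the status codes out of a SAMLResponse form value captured from the POST to the SP, assuming the APM message refers to the SAML 2.0 `<samlp:Status>` element of the IdP's response. The sample response and the name `read_status` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"samlp": SAMLP}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: a SAML 2.0 Response carrying a failure status (not from the thread).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2015-01-19T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
    </samlp:StatusCode>
    <samlp:StatusMessage>constructed status message</samlp:StatusMessage>
  </samlp:Status>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def read_status(saml_response_b64):
    """Return (ok, status codes outermost first, message) for a POST-binding SAMLResponse."""
    # Diagnostic only: no signature validation is done here; that stays with the SP.
    xml_bytes = base64.b64decode(saml_response_b64)  # value must already be URL-decoded
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % SAMLP:
        raise ValueError("not a samlp:Response")
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no Status element")
    codes = []
    node = status.find("samlp:StatusCode", NS)
    while node is not None:  # the second-level code usually names the actual reason
        codes.append(node.get("Value", ""))
        node = node.find("samlp:StatusCode", NS)
    msg = status.findtext("samlp:StatusMessage", default="", namespaces=NS).strip()
    return bool(codes) and codes[0] == SUCCESS, codes, msg


if __name__ == "__main__":
    ok, codes, msg = read_status(SAMPLE_B64)
    print("success:", ok, "| codes:", " > ".join(codes), "| message:", msg)
```

A top-level code other than Success means the IdP rejected the request, so the nested code and the IdP's own event log are the places to look next.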