Forum Discussion

Mattias_Anderss's avatar
Mattias_Anderss
Icon for Nimbostratus rankNimbostratus
Apr 09, 2015

APM Create SAML Idp from META-data fails. MCP Error: 01070734:3

Hi,

 

im running into a wierd problem. Im trying to import an external Idp connector from META-data. But im getting an error that i don't understand. I have tried to search in the forum and on the web for an answer but it seems like no one ever had this problem:

 

"MCP Error: 01070734:3: Configuration error: apm aaa saml-idp-connector /Common/etj-ver : Signature verification failed. File contents changed"

 

Anyone know what it means? Im guessing there is something wrong in the META-data but its quite hard to make anything out of this error message. The Idp have a wildcard certificate in it, could that be a problem for APM?

 

Cheers // Mattias

 

BIG-IP Access Policy Manager (APM)
deployment
idp
metadata
security
  • kunjan_118660's avatar
    kunjan_118660
    Apr 09, 2015

    Is it a signed Metadata? It might be an invalid Cert with which you validate it? Try importing without signature.

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2015

    Is it a signed Metadata? It might be an invalid Cert with which you validate it? Try importing without signature.

     

    • Mattias_Anderss's avatar
      Mattias_Anderss
      Icon for Nimbostratus rankNimbostratus
      Apr 09, 2015
      Yes its signed. But how could i import this without signature? I just got the file from a provider, i need to ask them to not sign the METADATA-file then? Then i need to import the certificate?
  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    Apr 09, 2015

    Is it a signed Metadata? It might be an invalid Cert with which you validate it? Try importing without signature.

     

    • Mattias_Anderss's avatar
      Mattias_Anderss
      Icon for Nimbostratus rankNimbostratus
      Apr 09, 2015
      Yes its signed. But how could i import this without signature? I just got the file from a provider, i need to ask them to not sign the METADATA-file then? Then i need to import the certificate?
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2015

    If not signed it will simplify the import process and no need to import certificate. The error comes when signed option is selected and APM cannot validate it. It could be the cert imported is invalid or the metaData is not signed correctly.

     

  • Mattias_Anderss's avatar
    Mattias_Anderss
    Icon for Nimbostratus rankNimbostratus
    Apr 16, 2015

    Hi again,

     

    sorry for the late reply. When we removed the DS:Signature from the meta-data it worked like a charm. So as you said something must have been wrong with the signing. Thanks for the help!