Authentication via Azure AD blocked by Access policy

Question

Hi,&nbsp;Device:Virtual Edition.BIG-IP 14.1.0.6 Build 0.0.9 Point Release 6&nbsp;I have published my site behind F5, and because of some security reason  I want to make authentication through Azure AD.I have configured both F5 and Azure also.&nbsp;Authentication via Azure works, but then I receive "Access was denied by the access policy."&nbsp;And here are details why it was blocked:&nbsp;Log Message/Common/SSO_AAD.app/SSO_AAD:Common:12243713: SAML Agent: /Common/SSO_AAD.app/SSO_AAD_saml_auth_ag failed to process signed assertion, error: RSA decryptPartitionCommon&nbsp;I checked old discussion and there were som bug, but it was very old version, so I guess it does not affect my F5.Do you have any idea, what should be the issue ?&nbsp;Thank you&nbsp;&nbsp;&nbsp;&nbsp;

nag · Accepted Answer

Hi,&nbsp;It could be that cert automatically imported as part of metadata causing issues.&nbsp;Can you try manually importing the cert and specify it in the external Idp connector.  &nbsp;I refereed to the following to answer your question.https://devcentral.f5.com/s/question/0D51T00006i7fnTSAQ/saml-sp-with-google-as-idp-error-decrypting-rsa&nbsp;Regards,Nag

Forum Discussion

Authentication via Azure AD blocked by Access policy

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

HTTP Basic Access Authentication iRule Style

Zero Trust building blocks - Leverage Microsoft Intune endpoint Compliance with F5 BIG-IP APM Access

Disable/Block access to Network Map

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS