Authentication via Azure AD blocked by Access policy

Question

Hi,&nbsp;Device:Virtual Edition.BIG-IP 14.1.0.6 Build 0.0.9 Point Release 6&nbsp;I have published my site behind F5, and because of some security reason  I want to make authentication through Azure AD.I have configured both F5 and Azure also.&nbsp;Authentication via Azure works, but then I receive "Access was denied by the access policy."&nbsp;And here are details why it was blocked:&nbsp;Log Message/Common/SSO_AAD.app/SSO_AAD:Common:12243713: SAML Agent: /Common/SSO_AAD.app/SSO_AAD_saml_auth_ag failed to process signed assertion, error: RSA decryptPartitionCommon&nbsp;I checked old discussion and there were som bug, but it was very old version, so I guess it does not affect my F5.Do you have any idea, what should be the issue ?&nbsp;Thank you&nbsp;&nbsp;&nbsp;&nbsp;

nag · Accepted Answer

Hi,&nbsp;It could be that cert automatically imported as part of metadata causing issues.&nbsp;Can you try manually importing the cert and specify it in the external Idp connector.  &nbsp;I refereed to the following to answer your question.https://devcentral.f5.com/s/question/0D51T00006i7fnTSAQ/saml-sp-with-google-as-idp-error-decrypting-rsa&nbsp;Regards,Nag

Forum Discussion

Authentication via Azure AD blocked by Access policy

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Application Programming Interface (API) Authentication types simplified

How I did it - "Application authentication with Verizon ID and F5 Access Policy Manager"

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS