For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Guthrie's avatar
Chris_Guthrie
Icon for Nimbostratus rankNimbostratus
Mar 27, 2017

Azure SAML IdP

So we have an external IdP that is created using the federation information that we can download from our Azure account.   https://login.microsoftonline.com/{customer_id_string}/federationmetadata...
BIG-IP
BIG-IP Access Policy Manager (APM)
devops
Sergi_Munyoz_24's avatar
Sergi_Munyoz_24
Icon for Nimbostratus rankNimbostratus
Mar 28, 2017

Hi Chris. I'm not able to test import of this on my F5, due to text format I suppose... Assuming SAML begins from: "IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" I can see 3 certificates, where 2 self-signed referring to CN=accounts.accesscontrol.windows.net are almost equal in parameters (with 2 weeeks of difference in issuing date, same key lenght,...) So I think is impossible to say which one is right unless you ask it to metadata issuer (Mr. MSft), or unless Idp Automation (no experience with this) chooses the right one for you

 

Sergi_Munyoz_24's avatar
Sergi_Munyoz_24
Icon for Nimbostratus rankNimbostratus
Mar 28, 2017

No other way to solve it I think. Good luck with the question