BigIP/APM as SP, fails to parse IdP SAML Assertion message when misses xsi:type

Question

For instance, such a &lt;AttributeValue&gt; in the &lt;AttributeStatement&gt;&lt;AttributeStatement&gt;&lt;Attribute Name="userid"&gt;&lt;AttributeValue&gt;QA-EU10002&lt;/AttributeValue&gt;&lt;/Attribute&gt;....&lt;/AttributeStatement&gt;has finally resulted in such an error message in the Access Policy related bebug loggings:File="ApmD.cpp",Function="process_apd_request",Line="2022",Message="processing of access policy is done, result code=fffffff3"It's really appreciated if someone would share some valueable experiences dealing with similar problems.&nbsp;/////////////a bit detailed debug loggings//////////////Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490004:6:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",Executed_Agent="/Common/vps_auth_qa_v2.1_act_saml_auth_ag",Return_Value="3",result_str="Need User input"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="AccessPolicyManager/AccessPolicy.cpp",Function="_executeOneAgent",Line="249",Message="user input is required"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="ApmD.cpp",Function="process_apd_request",Line="2022",Message="processing of access policy is done, result code=fffffff3"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="ApmD.cpp",Function="writeSessionVarToSessionDb",Line="2649",Message="syncing data with MEMCACHED"

whisperer · Answer

Did you search previous error codes similar to yours? Take a look at https://community.f5.com/t5/technical-forum/saml-sso-authentication-via-big-ip-edge-client-for-network/td-p/268531.&nbsp;Key items here are to check auth completes and you are assigning a resource on the pass branch.

leslie_hubertus · Answer

dupapa&nbsp; - did&nbsp;whisperer's reply help you out, or are you still experiencing the issue? If it helps, can you please click Accept as Solution so other users can easily find help when they need it? 🙂

Forum Discussion

BigIP/APM as SP, fails to parse IdP SAML Assertion message when <AttributeValue> misses xsi:type

2 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

is it possible to use different mgmt ip for Tenant and OS ?

Best approach to serve maintenance page

WAF Policy upload using AS3

What's user role for get information with Rest API to F5

Is it possible for someone to assist me in preparing for F5-CA exams?

Related Content

F5 BigIP APM VPN some LDAP field are base64 encoded

Per-App VPN AirWatch et F5 BIGIP APM

AD attributes in SAML assertion

APM Import error: config version 15.1 is not compatible with BIGIP version 16.1

Error Encrypting a SAML Assertion from APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS