BigIP/APM as SP, fails to parse IdP SAML Assertion message when misses xsi:type

Question

For instance, such a &lt;AttributeValue&gt; in the &lt;AttributeStatement&gt;&lt;AttributeStatement&gt;&lt;Attribute Name="userid"&gt;&lt;AttributeValue&gt;QA-EU10002&lt;/AttributeValue&gt;&lt;/Attribute&gt;....&lt;/AttributeStatement&gt;has finally resulted in such an error message in the Access Policy related bebug loggings:File="ApmD.cpp",Function="process_apd_request",Line="2022",Message="processing of access policy is done, result code=fffffff3"It's really appreciated if someone would share some valueable experiences dealing with similar problems.&nbsp;/////////////a bit detailed debug loggings//////////////Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490004:6:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",Executed_Agent="/Common/vps_auth_qa_v2.1_act_saml_auth_ag",Return_Value="3",result_str="Need User input"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="AccessPolicyManager/AccessPolicy.cpp",Function="_executeOneAgent",Line="249",Message="user input is required"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="ApmD.cpp",Function="process_apd_request",Line="2022",Message="processing of access policy is done, result code=fffffff3"Jun 19 17:15:49 ::ffff:146.72.254.152 hostname="bigip-h15.vps.no",errdefs_msgno="01490266:7:",partition_name="Common",session_id="92c66590",Access_Profile="/Common/vps_auth_qa_v2.1",Partition="Common",Session_Id="92c66590",File="ApmD.cpp",Function="writeSessionVarToSessionDb",Line="2649",Message="syncing data with MEMCACHED"

whisperer · Answer

Did you search previous error codes similar to yours? Take a look at https://community.f5.com/t5/technical-forum/saml-sso-authentication-via-big-ip-edge-client-for-network/td-p/268531.&nbsp;Key items here are to check auth completes and you are assigning a resource on the pass branch.

leslie_hubertus · Answer

dupapa&nbsp; - did&nbsp;whisperer's reply help you out, or are you still experiencing the issue? If it helps, can you please click Accept as Solution so other users can easily find help when they need it? 🙂

Forum Discussion

BigIP/APM as SP, fails to parse IdP SAML Assertion message when <AttributeValue> misses xsi:type

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Illegal Metacharacter in Parameter Name in Json Data

Cisco TACACS+ Config on ISE LTM Pair

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

F5 BigIP APM VPN some LDAP field are base64 encoded

Per-App VPN AirWatch et F5 BIGIP APM

AD attributes in SAML assertion

Error Encrypting a SAML Assertion from APM

APM Import error: config version 15.1 is not compatible with BIGIP version 16.1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS