Forum Discussion

Nimbostratus

Sep 11, 2018

Can SAML request issuer and SP connector entity id be different

Here's my problem. Our f5 is acting as idP. When I go to the SP initiated link it does not work. I get a page cannot be displayed. I can see in fiddler it's adding - ?binding=urn:oasis:names:tc:S...

BIG-IP Access Policy Manager (APM)

security

youssef1

Cumulonimbus

Sep 11, 2018

Hi,

You have to check 2 things, so it's a good thing that you use Fiddler.

Capture saml request using fiddler then decode the saml request using this link:

https://www.samltool.com/decode.php

Then checked the following point in your saml request (decode):

saml issuer

It will be your SP entity ID that you set in your external SP

ACS: saml AssertionConsumerServiceURL

AssertionConsumerServiceURL="It will be ACS URL that you set on your external SP"

if that's not the case you have to change the settings of your external sp on F5, for addapter. Sometimes you retrieve metadata of an external app and app owner change them without provide you the new info...

Hope it's clear. keep me update.

regards

Forum Discussion

Can SAML request issuer and SP connector entity id be different

Recent Discussions

How to Match Dynamic URI Segments in AS3

URI modification

Need help on i-rule to specific uri path

HA Active Directory for F5 authentication

NGINX - Need more details on NGNIX WAF

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

Logging DNS Requests

How to Set up F5 Application Connector

Copper SFP Differences

Using Client Subnet in DNS Requests