Forum Discussion

ITGem's avatar
ITGem
Icon for Altocumulus rankAltocumulus
Aug 02, 2017

Configuring PingIdentity SSO on F5 APM

I am working with my security team installing PingIdentity SSO on F5 APM version 12.1.1. I am following these instructions: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/31.htmlunique_1334181038

 

They provide me a metadata file and certificate. However, I am getting this error when importing the metadata file and certificate:

 

MCP Error: 01070712:3 apm aaa saml-idp-connector ...... :Signature verification failed. Bad certificate file passed in

 

It is a virtual F5 LTM with APM running code 12.1.1 It is provisioned with 12 gigs RAM and 2 CPUs.

 

Cpu(s): 3.0%us, 1.5%sy, 0.2%ni, 94.8%id, 0.2%wa, 0.0%hi, 0.3%si, 0.0%st Mem: 12336668k total, 12093920k used, 242748k free, 607988k buffers Swap: 1023996k total, 0k used, 1023996k free, 1635224k cached

 

Has anyone had this error? Please assist.

 

application delivery
BIG-IP Access Policy Manager (APM)
  • P_K's avatar
    P_K
    Icon for Altostratus rankAltostratus
    Aug 02, 2017

    May be something wrong with the certificate or IdP metadata file.. When do you see this error? importing the metadata or cert?

     

  • ITGem's avatar
    ITGem
    Icon for Altocumulus rankAltocumulus
    Aug 02, 2017

    Hello PK.

     

    Thanks for your response. Yes. It happens upon import of the metadata and certificate. Any ideas?

     

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Aug 03, 2017

    Hello ITGem,

     

    First of all, did you imported the signing certificate ?

     

    You should first import the signing certificate to your BIG-IP. Once you've done this step, when importing the metadata file you should select the certifcat imported.

     

    Hope it helps,

     

    Regards