Forum Discussion
Export SAML Metadata
Working on setting up APM (11.4.1) as a SAML service provider to an External IdP. Got the External IdP connector set up fine. Got the Local SP Service set up and bound to the External IdP. In trying to export the metadata for the Local Service Provider in APM, I hit the Export Metadata option, and regardless of whether I Sign Metadata or not, when I hit the Download button, I get nothing. No file download prompt in the browser or notice as to where the XML file may have been placed. How do I actually export the SP metadata so I can set up the F5 Relying Party in the IdP? The manual simply says "APM downloads an XML file". OK, what does that mean? Thanks
- Matt_Dierick (Employee)
Seems to be a browser issue. Can you try with another browser?
Actually, when you select your SP, the button appears, and when you click on download, the file is downloaded to your laptop.
- Kevin_Stewart (Employee)
It is as simple as that. Barring any issues with APM itself, if the SP configuration exists it should be available by clicking the download button. Is it possible that your browser and/or antivirus is blocking it? You can also export it from the command line with tmsh:
tmsh modify ap] export-metadata no-signing metadata-file [path and name of new file]
- Eric_Raff_11012 (Nimbostratus)
Thanks for the response guys. No change on different browsers or incognito. I do see this request when I say not to Sign Metadata: https://my.lb.host/tmui/tmui/util/ajax/download.jsp?config=sp&name=%2FCommon%2Fdiztest_saml_sp&type=saml-metadata&export-metadata=no-signing&metadata-key=%2FCommon%2Fca-internal.key&metadata-cert=%2FCommon%2FBPOC-Engineer110-CA.crt&txId=1404939313288&requestID=w4iU0hoVF%2BeBjAEVReAkQMjeZew%3D&renderedTime=Wed%20Jul%2009%2014%3A55%3A12%20MDT%202014
but nothing ever gets downloaded. When I go specifically to that URL in a new tab, I get back an XML Parsing Error: no element found in FFox and similar in Chrome. Interesting that it has the export-metadata=no in it but still references a metadata key and certs even without picking them in the drop down list. Kevin, I'll try the tmsh option. Thanks
- Eric_Raff_11012 (Nimbostratus)
SOLUTION: I was using an account that has Manager permissions instead of one with Administrator permissions. As soon as we tried downloading when logged in as Administrator, we got the metadata to download just fine via the browser. This seems strange, since as a Manager I can create everything but cannot download the metadata? Maybe a "feature"? Thanks
- AN (Nimbostratus)
I am running into the same issue exporting the metadata file. I have configured BIGIP as IDP... I am logged in as administrator but still have the same issue.
"File(S) access/permission or signing key mismatch error. See log file."
I have created External SP Connectors using the .xml file from ADFS. In IDP configuration -> Security Settings, I can see the certificate from ADFS but there is no Signing Key.
I tried using any key and the ADFS cert; still the same error.