
Eric_Raff_11012
Jul 09, 2014

Export SAML Metadata

Working on setting up APM (11.4.1) as a SAML service provider to an External IdP. Got the External IdP connector set up fine. Got the Local SP Service set up and bound to the External IdP. In trying to export the metadata for the Local Service Provider in APM, I hit the Export Metadata option, and regardless of whether I Sign Metadata or not, when I hit the Download button I get nothing. No file download prompt in the browser or notice as to where the XML file may have been placed. How do I actually export the SP metadata so I can set up the F5 Relying Party in the IdP? The manual simply says "APM downloads an XML file". OK, what does that mean? Thanks

 

5 Replies

  • AN

    I am running into the same issue exporting the metadata file. I have configured BIGIP as IDP... I am logged in as administrator but still have the same issue.

     

    "File(S) access/permission or signing key mismatch error. See log file."

     

    I have created External SP Connectors using the .xml file from ADFS. In IDP configuration -> Security Settings, I can see the certificate from ADFS but there is no Signing Key.

     

    I tried using any key and the ADFS cert; still the same error.

     

  • SOLUTION: I was using an account that has Manager permissions instead of one with Administrator permissions. As soon as we tried downloading when logged in as Administrator, we got the metadata to download just fine via the browser. This seems strange as, as a Manager, I can create everything but cannot download the metadata? Maybe a "feature"? Thanks

     

  • Thanks for the response guys. No change on different browsers or incognito. I do see this request when I say not to Sign Metadata: https://my.lb.host/tmui/tmui/util/ajax/download.jsp?config=sp&name=%2FCommon%2Fdiztest_saml_sp&type=saml-metadata&export-metadata=no-signing&metadata-key=%2FCommon%2Fca-internal.key&metadata-cert=%2FCommon%2FBPOC-Engineer110-CA.crt&txId=1404939313288&requestID=w4iU0hoVF%2BeBjAEVReAkQMjeZew%3D&renderedTime=Wed%20Jul%2009%2014%3A55%3A12%20MDT%202014

     

    but nothing ever gets downloaded. When I go specifically to that URL in a new tab, I get back an "XML Parsing Error: no element found" in Firefox and similar in Chrome. Interesting that it has the export-metadata=no in it but still references a metadata key and certs even without picking them in the drop-down list. Kevin, I'll try the tmsh option. Thanks

     

  • It is as simple as that. Barring any issues with APM itself, if the SP configuration exists it should be available by clicking the download button. Is it possible that your browser and/or antivirus is blocking it? You can also export it from the command line with tmsh:

    tmsh modify apm sso saml [name of SAML SP object] export-metadata no-signing metadata-file [path and name of new file]
    
  • Seems to be a browser issue. Can you try with another browser?

     

    Actually, when you select your SP, the button appears and when you click on download, the file is downloaded to your laptop.