F5 APM as SP - external IDP provides two signing certificates
The external IDP we use is in the process of updating their certificates. For a transition period they provide both the old and the new one. I imported the metadata provided by the IDP and I can indeed see twice the , once for each certificate. However when using this external IDP the APM rejects the connection because of "IDP certificate mismatch" error.
Is there a way to have the APM accept both certificates?
Regards Carol
- raZorTT
Cirrostratus
Hi
Has anyone been able to achieve the above? I'm in a similar situation in about 2 weeks' time.
Cheers,
Simon
- Dave_W
Employee
Hello raZorTT, what version are you on? This used to be not supported, but is fixed in specific versions:
Bug ID 668129: BIG-IP as SAML SP support for multiple signing certificates in SAML metadata from external identity providers.
- raZorTT
Cirrostratus
Hi Dave,
Thanks for that 👍
We are on 12.1.3.5, so fingers crossed we will be all good!
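
Added example (not from the thread, and not F5's implementation): a generic Python check that lists the signing certificates an IdP's SAML metadata publishes and shows why an SP that trusts only one of them reports a mismatch once the IdP signs with the other. The metadata, entity ID, certificate bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_b64):
    """SHA-256 over the decoded bytes of a ds:X509Certificate value."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Fingerprint every certificate the IdP metadata publishes for signing."""
    root = ET.fromstring(metadata_xml)  # parse only metadata from a trusted source
    found = []
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # Per the SAML metadata schema, a missing 'use' means signing and encryption.
        if kd.get("use", "signing") == "signing":
            found += [fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return found

def signer_trusted(response_cert_b64, trusted_fingerprints):
    """True if the certificate that signed a response is in the SP's trust set."""
    return fingerprint(response_cert_b64) in trusted_fingerprints

def key_descriptor(use, cert_b64):
    """Build one KeyDescriptor element for the constructed sample metadata."""
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')

# Constructed sample: placeholder bytes stand in for real DER certificates.
OLD_CERT = base64.b64encode(b"constructed old signing cert").decode()
NEW_CERT = base64.b64encode(b"constructed new signing cert").decode()
ENC_CERT = base64.b64encode(b"constructed encryption cert").decode()
METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/saml">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + key_descriptor("signing", OLD_CERT) + key_descriptor("signing", NEW_CERT)
    + key_descriptor("encryption", ENC_CERT)
    + '</md:IDPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    published = idp_signing_fingerprints(METADATA)
    pinned_old_only = {published[0]}  # SP that kept a single IdP certificate
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(name, "single-cert SP:", signer_trusted(cert, pinned_old_only),
              "| all-published SP:", signer_trusted(cert, set(published)))
```

Run against the real metadata file, the fingerprint list can be compared with the certificate the SP has configured for the IdP before and after the rollover date.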