For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Dec 04, 2013

F5 SAML Dropbox

** Hi It seems that my SAML assertion is not leaving the Big IP and looking at the debug log it looks like it is unable to interpret the authn encoded request. I have also attached the met...
BIG-IP Access Policy Manager (APM)
saml
security
Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Dec 04, 2013

Seems I am getting further and now it is failing to sign the assertion with my my private key. I have tried multiple certificates for this and they are valid:

Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Authn Request size: 428
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Base64 decoded Authn Request size: 303
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 SAML_ACS_BINDING: (46) urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 SAML_VERSION: (3) 2.0
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 ISSUE_INSTANT: (20) 2013-12-04T11:20:54Z
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 REQ_ID: (35) id-92e1144c0c954034989a79dc13097338
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 ACS_URL: (34) https://www.dropbox.com/saml_login
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 ISSUER: (7) Dropbox
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 NAME_ID_FORMAT: (54) urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Using SSO config: /Common/saml_idp with SP Connector: /Common/Dropbox from ACCESS profile
Dec  4 12:21:48 tmm3 info tmm3: 014d0002:6: e25557de: SSOv2 Using SAML SSO object (/Common/saml_idp) with SP Connector (/Common/Dropbox)
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Authn Request Validation Status Message: urn:oasis:names:tc:SAML:2.0:status:Success
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Size of the Buffer needed for Assertion: 1674
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Assertion TimeStamp - Valid until: 2013-12-04T11:31:48Z
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Canonicalized Assertion SignedInfo size: 826
Dec  4 12:21:48 tmm3 debug tmm3: 014d0002:7: e25557de: SSOv2 Signing Assertion with 2048-bit IDP RSA key: /Common/booking-saml-key.key
Dec  4 12:21:48 tmm3 err tmm3: 014d0002:3: e25557de: SSOv2 Error creating signed SAML Assertion - RSA signing failed
Dec  4 12:21:48 tmm3 err tmm3: 014d0002:3: e25557de: SSOv2 Error(10) Creating Signed SAML Assertion
Dec  4 12:21:48 tmm3 err tmm3: 014d0002:3: SSOv2 plugin error(10) in sso/sso.c:427