For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Dec 04, 2013

F5 SAML Dropbox

** Hi It seems that my SAML assertion is not leaving the Big IP and looking at the debug log it looks like it is unable to interpret the authn encoded request. I have also attached the met...
BIG-IP Access Policy Manager (APM)
saml
security
Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Dec 04, 2013

Ok so my session is now pulling the mail attribute and that seems working a treat. I get redirected to dropbox after successfully logging on but it cannot validate my assertion. On the external SP connector I have set: ![Image Text](/Portals/0/Users/072/96/116296/external saml connector.PNG)

When I enable assertion sent to SP by this device must be signed (as required by Dropbox) then I fail to do so (I have tried 2 different certs already):

Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Authn Request size: 436
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Base64 decoded Authn Request size: 304
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 SAML_ACS_BINDING: (46) urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 SAML_VERSION: (3) 2.0
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 ISSUE_INSTANT: (20) 2013-12-04T17:31:48Z
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 REQ_ID: (35) id-944d986372914c4b92247d5bb4ec7836
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 ACS_URL: (34) https://www.dropbox.com/saml_login
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 ISSUER: (7) Dropbox
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 NAME_ID_FORMAT: (54) urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddres                                                                                s
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Using SSO config: /Common/saml_idp with SP Connector: /Common/Dropbox from                                                                                 ACCESS profile
Dec  4 18:33:18 tmm2 info tmm2: 014d0002:6: d9f1431c: SSOv2 Using SAML SSO object (/Common/saml_idp) with SP Connector (/Common/Dropbox                                                                                )
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Authn Request Validation Status Message: urn:oasis:names:tc:SAML:2.0:statu                                                                                s:Success
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Size of the Buffer needed for Assertion: 1689
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Assertion TimeStamp - Valid until: 2013-12-04T17:43:18Z
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Canonicalized Assertion SignedInfo size: 826
Dec  4 18:33:18 tmm2 debug tmm2: 014d0002:7: d9f1431c: SSOv2 Signing Assertion with 2048-bit IDP RSA key: /Common/booking-saml-key.key
Dec  4 18:33:18 tmm2 err tmm2: 014d0002:3: d9f1431c: SSOv2 Error creating signed SAML Assertion - RSA signing failed
Dec  4 18:33:18 tmm2 err tmm2: 014d0002:3: d9f1431c: SSOv2 Error(10) Creating Signed SAML Assertion
Dec  4 18:33:18 tmm2 err tmm2: 014d0002:3: SSOv2 plugin error(10) in sso/sso.c:427