Forum Discussion
Invalid nonce error messages with mobile devices and F5 as SAML SP/IDP
Hey Marvin, can you test going to a webtop in the rule? Then clicking on the configured SAML app?
- Marvin, Oct 09, 2019
Cirrocumulus
Hi Shawn, we don't use webtops at all on F5; everything is SP-initiated going to the F5 IDP, or just plain HTTP going directly to the F5 configured as the SP itself. Why do you mention this? Could you give me some more background information, please?
- Marvin, Oct 09, 2019
Cirrocumulus
For this policy, the first step is SAML auth to the F5 SP, which connects to the external IDP connector on the F5.
- Shawn_Conway, Oct 09, 2019
Cirrus
I was just thinking of trying it for troubleshooting, to see if the F5 IDP is working properly on the device using a browser. We are doing the same thing with our apps: you can go directly to them or to a webtop (mainly for me for testing). But we are on version 14.0.0.5 and do not have an issue, but on 13.1 it was working as well, so could it be a new update on the devices? I am going to 15.1 at the end of the month to stay on a supported version.
- Marvin, Oct 09, 2019
Cirrocumulus
It seems that the F5 SP wants to perform the SAML auth to the external IDP connector (where the client already had an active session), but this is never executed and the F5 APM (SP) directly responds with this error message. This is such weird behavior.