Forum Discussion

Nimbostratus

Feb 28, 2018

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

Hi all, Duo Security has published several vulnerabilities on SAML implmentations, which apparently is related to XML canonicalization and DOM traversal. Does anyone know if F5 implementati...

BIG-IP Access Policy Manager (APM)

saml

security

Nav_126513

Nimbostratus

Feb 28, 2018

Related CERT entry

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

CORS implementation

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Implementing basic OAuth with F5 BIG-IP APM

CNSA 2.0 Implementation Guide with OpenSSL: How to Build a Quantum-Resistant Certificate Authority

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS