Forum Discussion

Nimbostratus

8 years ago

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

Hi all, Duo Security has published several vulnerabilities on SAML implmentations, which apparently is related to XML canonicalization and DOM traversal. Does anyone know if F5 implementati...

BIG-IP Access Policy Manager (APM)

saml

security

amayle_299737

Nimbostratus

8 years ago

I would also like to find out if the APM is affected. We utilise OKTA via the APM and although OKTA isn't vulnerable, I am unable to find any info on whether the APM is affected.

amayle_299737
Nimbostratus
8 years ago
Thanks Erik.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Is F5 SAML implementation in APM vulnerable to the recent authentication bypass attacks via incorrect XML canonicalization and DOM traversal?

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

CORS implementation

Hands-On Quantum-Safe PKI: A Practical Post-Quantum Cryptography Implementation Guide

Implementing F5 NGINX STIGs: A Practical Guide to DoD Security Compliance

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Implementing basic OAuth with F5 BIG-IP APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS