Forum Discussion
Is there an APM SAML error legend or documentation?
We are using APM and have our F5's setup as SAML SP's for a number of sites. In the past we bypassed the access policy if the users were sourcing their request from within our IP space (trusted source), however we just recently changed this so now no matter what users are redirected to the IDP and then back into the resource. While this is working well for the vast majority I'm getting little complaints here and there for users accessing a specific site. When I look into the error message all it says is:
"SAML assertion is invalid, error: Invalid Session, possible use of different host names to access SAML SP"
It's strange b/c this appears to be working for thousands of users, but for the ten or so that it's not they are all getting the same error. They are sourcing from different destinations and have no common denominator other than the error message that they are getting. I can't replicate the issue so I was hoping that there was some sort of legend or document that would elaborate on the error message above so that I could try and identify what is causing this.
Thanks.
- I am very interested in this as well but for a different reason -- I would like to get a reference to the syslog messages so I can get my SIEM to understand APM.
- EdouardCirrus
Greetings, were you able to get a fix for this problem ?.
Thanks,
- Abdessamad1Cirrostratus
I saw this error log sometimes, but didn't find any relevant explanation.
Anyone was able to find something useful?
Thanks
- PSilvaRet. Employee
Hi - This might help. It's the Log Messages Reference Document:
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/log-messages.html
I did a page search for 'SAML assertion' and a couple appeared similar to your error message.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com