Problems with IdP Automation

Question

We have been trying for a while to get the IdP Automation to work. The Metadata URL is accessible by BIG-IP, we have verified that using curl in an SSH terminal.
Every time BIG-IP wants to update/create the IdP, the following error message is written to the saml_automation.log file:&nbsp;
Error in create/modify of idp connector /Common/[IdP-name-based-on-config] Error: result { result_code 17237778 result_message "01070712:3: apm aaa saml-idp-connector /Common/[IdP-name-based-on-config] unable to parse metadata file /tmp/testout.xml" }&nbsp;
The following error message is written to the LTM log:&nbsp;
f5 err mcpd[4958]: 01070712:3: Caught configuration exception (0), apm aaa saml-idp-connector /Common/[IdP-name-based-on-config] unable e to parse metadata file /tmp/testout.xml.&nbsp;
Unfortunately the file /tmp/testout.xml does not exist. During the update process another file, /tmp/xml_meta.xml, is created but it gets immediately deleted.&nbsp;
Has anyone seen this behaviour before and managed to solve it?&nbsp;

peter_baumann_5 · Answer

Same problem here with v12.1.2 HF2:
Dec  1 11:26:40 f5-01 err mcpd[6777]: 01070712:3: Caught configuration exception (0), apm aaa saml-sp-connector saml_sp_spname unable to parse metadata file /var/tmp/1512123983004.upload.
SAML-SP Metadata is from Univention (UCS).

Forum Discussion

Problems with IdP Automation

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

BIG-IP Next Automation: AS3 Basics

Five Ways to Automate F5OS with Ansible: A Practical Guide

Automate Let's Encrypt Certificates on BIG-IP

F5 iApp Automated Backup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS