Forum Discussion
CirrusSAML and signing the whole message
I'm trying to federate with a Saas, which we are using SAML 2.0. They require the SAML response message have a signature. Currently I think that F5 only signs the assertions. Is there a way for the whole message to be signed? I do have "Assertion sent to SP by this device -> Must by Signed" check off but the SP wants the whole message to have the whole message signed.
8 Replies
David_123856Nimbostratus
I have just discovered exactlly the same issue with one of our SaaS providers. Hoping someone has an answer
kj07208_118528If you don't mind can you please tell me the vendor our's is Taleo.- David_123856Same here
The feature is added from v11.4.1, but the option is not integrated in GUI. It can be enabled with tmsh command.
tmsh modify apm sso saml-sp-connector test-sp want_response_signed true
tmsh save sys config- kj07208_118528Thanks - Time to upgrade again!
AlgebraicMirrorAltostratus
Thank you! I just had this same problem, and this answered it. I guess it is still not surfaced in the GUI even in 11.5.3, but it is in TMSH.
- kj07208_118528
Thanks it almost worked it also signed but Just one minor issue want_response_signed should be want-response-signed also if you use the tab key it will do autocomplete thanks again
Ronak_79648Is there anyway to do same in 11.3.0 Build 3131.0 Hotfix HF6? Want to check before I ask for upgrade! thanks
