Forum Discussion
AlexS_yb
Cirrocumulus
CirrocumulusSAML artifact server - using redirect not post
Hi had a working setup. login.test.com -> SAML IDP Auth.test.com -> OAuth server + SAML SP - to get a OAuth token you needed a SAML ID this worked well until I realised some of the redirects wher...
AlexS_ybCirrocumulus
CirrocumulusQuick update - F5 tech support - nearly 5 days later - well its xmas. seems like I have run into a bug.
something about http vs https. want me to present the ARS via port 80 not port 443.
Tried it again nothing - the ARS kills the connection after recieveing it !
Still at a loss on how to debug or even verify that ARS is working properlu
Scot_JC
Employee
EmployeeHi,
When it comes to troubleshooting, I'd record a packet trace aftere we enabled the TCP Reset causes:
- tmsh modify sys db tm.rstcause.pkt value enable
tmsh modify sys db tm.rstcause.log value enable
Hopefully, this should help (tell?) us why the ARS VS is reseting the connection.
- AlexS_yb
That looks very useful, got this
No server selected
which is strange, working with F5 support team they reacon i have hit a bug - i had it attached to my https VS and had a ssl client profile. they suggested to create a new vs and add a pool. instead I attached my ars to my http VS. its almost like the VS doesn't recognise the call as a SAML.
THinking out loud - maybe because I don't have the APM profile attached to the http VS.
So setup a pool and reverse proxy it from the http to the https vs
I have done a tcpdump and I can see a rst - but nothing in the rst logs
interesting I can see the request making it to VS - i have a IRULE that captures the request and logs it !
I have tried using that post and hand crafting it with curl and sending it manually - again I can see the request coming in but noting back
- AlexS_yb
yeah 😞
