Forum Discussion

Cirrocumulus

Dec 28, 2022

SAML artifact server - using redirect not post

Hi had a working setup. login.test.com -> SAML IDP Auth.test.com -> OAuth server + SAML SP - to get a OAuth token you needed a SAML ID this worked well until I realised some of the redirects wher...

APM SSO SAML OAuth

security

Scot_JC

Employee

Hi,

When it comes to troubleshooting, I'd record a packet trace aftere we enabled the TCP Reset causes:

tmsh modify sys db tm.rstcause.pkt value enable
tmsh modify sys db tm.rstcause.log value enable

Hopefully, this should help (tell?) us why the ARS VS is reseting the connection.

AlexS_yb

Cirrocumulus

Jan 01, 2023

That looks very useful, got this

No server selected

which is strange, working with F5 support team they reacon i have hit a bug - i had it attached to my https VS and had a ssl client profile. they suggested to create a new vs and add a pool. instead I attached my ars to my http VS. its almost like the VS doesn't recognise the call as a SAML.

THinking out loud - maybe because I don't have the APM profile attached to the http VS.

So setup a pool and reverse proxy it from the http to the https vs

I have done a tcpdump and I can see a rst - but nothing in the rst logs

interesting I can see the request making it to VS - i have a IRULE that captures the request and logs it !

I have tried using that post and hand crafting it with curl and sending it manually - again I can see the request coming in but noting back

Leslie_Hubertus
Ret. Employee
Jan 05, 2023
As you said, it's been the holidays. Just dropping a note to make sure Scot_JC saw your follow-up. Are you still experiencing the issue then, AlexS_yb?
- AlexS_yb
  Cirrocumulus
  Jan 05, 2023
  yeah 😞
  - JRahm
    Admin
    Jan 12, 2023
    hey AlexS_yb, any movement with support? I'm not sure I can help much here, but wanted to make sure I followed up. Keep us posted!