SAML BigIp as SP: forcing AssertionConsumerService

Question

Hi all.&nbsp;
I configured BigIP as SP in an SAML 2.0 Federation with an external IdP using custom mode.
I exported my metadata and I sent it to the Idp but they are refusing my metadata because of there is no AssertionConsumerService specified in it (they need at least one attribute specified).
In the external IdP Connector &gt; Assertion settings I specified as Identity Location "Attribute" and in Identity Location Attribute I configured an attribute name that I found in the IdP Metadata but the result is that in my metadata no attribute is specified as mandatory.&nbsp;
Anyone know where or what is wrong in my configuration?&nbsp;

michael_koyfma1 · Answer

Cri,&nbsp;
What version of BIG-IP are you using?  APM SP metadata export most definitely includes ACS.  Can you post a screenshot of your SP configuration General Settings screen?  If running v12.0 or higher and if your Entity ID is not a URL format, you need to have SP Name Settings section filled out with the hostname of the SP Virtual so it can be used to form ACS value.&nbsp;

Forum Discussion

SAML BigIp as SP: forcing AssertionConsumerService

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Related Content

Extend visibility - BIG-IP joins forces with CrowdStrike

Re: BigIP Report

BigIP Report Old

SSH Brute Force Protection with SSH Proxy

Securing APIs with BigIP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS