Forum Discussion
saml metadata file or samlresponse from the f5
Is it possible to edit the metadata file that you export from F5? We would like to edit the SAML AssertionConsumerService Location:
" -https://testimsmvc.upmc.com/LoginExternal"; xmlns:ds="; xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="I584ac376cc80fec" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress "
When we do a trace using Fiddler, it looks like the Assertion is posting to https://testimsmvc.upmc.com/saml/sp/profile/post/acs. We were trying to see if it would post to another location by editing the file. If this is not possible, do you think we can get the SAMLResponse coming from the F5 to the server to POST instead of GET? Is there any setting on the BIG-IP to edit the SAML response?
- youssef1
Cumulonimbus
Hi Andrea,
When you export metadata from your equipment, you export your current configuration. So if you modify the ACS URL in the metadata and then provide the configuration file to your SP, it will not work.
Because when the client processes its SAML response to "/NewURI/acs", it will respond to the wrong URL (because you will have changed it), while F5 expects to receive its response on the URL "/saml/sp/profile/post/acs".
Second point: the bindings supported by F5 are Artifact, PAOS and POST, so GET is not possible unless you use an iRule, which I do not recommend.
To help you find a solution, I have to understand why you want to change your ACS URL and use a GET instead of a POST?
Regards
- Andrea
Nimbostratus
What I am trying to do is POST the SAMLResponse to the application. It looks like it is posting to the F5 in the directory /saml/sp/profile/post/acs instead of the app https://testimsmvc.upmc.com/login.aspx. How do I get this to post to the application?
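Added example, not part of any post in this thread: a small check that lists the AssertionConsumerService endpoints an exported SP metadata file advertises and compares them with the URL and HTTP method seen in a trace, which shows why a hand-edited Location no longer matches what the SP listens on. The metadata below is constructed, `sp.example.com` is a placeholder host, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata, parse with defusedxml instead

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (not the poster's file); only the ACS path comes from the thread.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/sp/profile/post/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def acs_endpoints(metadata_xml):
    """Return (binding, location) for every AssertionConsumerService in SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return [(e.get("Binding"), e.get("Location")) for e in root.iterfind(path, MD_NS)]


def check_delivery(metadata_xml, observed_url, observed_method):
    """Compare where and how a SAMLResponse was delivered with what the metadata advertises."""
    problems = []
    endpoints = acs_endpoints(metadata_xml)
    # The IdP delivers to the advertised Location, so any other URL is a mismatch.
    if observed_url not in [loc for _, loc in endpoints]:
        problems.append("URL is not an advertised ACS Location: " + observed_url)
    # If only HTTP-POST is advertised, a response arriving by another method is a mismatch.
    if observed_method.upper() != "POST" and all(b == POST_BINDING for b, _ in endpoints):
        problems.append("metadata advertises only HTTP-POST, saw " + observed_method)
    return problems


if __name__ == "__main__":
    for binding, location in acs_endpoints(SAMPLE_METADATA):
        print(binding, location)
    print(check_delivery(SAMPLE_METADATA, "https://sp.example.com/login.aspx", "GET"))
```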