Forum Discussion
kbasa_279826
Nimbostratus
NimbostratusSAML SLO fails
Configured BIGIP as IDP and ADFS plays the role of SP.
SSO works as expected with no issues.
When trying an SP initiated SLO from ADFS , an logout request is sent to BIGIP and in it return sends th...
Sergei_Miadzvez
Altocumulus
AltocumulusStatusCode "urn:oasis:names:tc:SAML:2.0:status:Requester" indicates that processing of received SLO request failed. The actual cause of failure is logged in /var/log/apm.
kbasa_279826Here it is .....
Aug 8 11:57:07 apm err tmm1[17840]: 014d0002:3: 2471d44b: SSOv2 Error verifying SAML message signature - RSA verification failed, check SP certificateAug 8 11:57:07 apm err tmm1[17840]: 014d0002:3: 2471d44b: SSOv2 Error(22) verifying enveloped signatureAug 8 11:57:07 apm err tmm1[17840]: 014d0002:3: 2471d44b: SSOv2 Error(22) enveloped signature verification failedAug 8 11:57:07 apm err tmm1[17840]: 014d0002:3: 2471d44b: SSOv2 Error (22): SAML SLO request signature verification failedAug 8 11:57:07 apm err tmm1[17840]: 014d0002:3: 2471d44b: SSOv2 Validation of SAML SLO request from SP (http://cs-auto11.cloud.com/adfs/services/trust) to this BIG-IP as IdP (/Common/Local-IDP) failed.
- kbasa_279826
I just found this strange behavior , When i upload ADFS metadata from a file into BIG IP. It stores the ADFS ( Signing and Encryption ) certificates in the BIG-IP System. But the issue here is , it stores the Encryption certificate as both Signing and Encryption certificates. Though it stores with different names , the certificate is same.
I tried to import the metadata from file from 2 different ADFS machines , the issue is the same.
Any ideas on what could be wrong ..