Forum Discussion
jamed_40076
Jun 08, 2016 · Nimbostratus
SP SAML authentication fails after token signing cert update
We're using ADFS 3.0 as our IDP, and a virtual F5 (BIG-IP 11.6.0 Build 0.0.401 Final) as the SP. Our config worked for the past year, but we needed to renew our token signing certificate. We generate...
- Jun 08, 2016
Not sure what exactly is happening, but you are running a pretty old version of the BIG-IP. I would recommend two things:
1. Export metadata from ADFS and import it into BIG-IP anew, and essentially create a new IDP connector and bind it to the SP config.
2. Upgrade to 11.6.1 if 1 does not succeed in moving you forward past this.
3. If both 1 and 2 fail to solve it, open a ticket with support to investigate further.
Mike_99062
Mar 02, 2017 · Nimbostratus
FYI, we ran into the same issue, with a similar setup running on 11.6.1 base. The IdP XML file we received didn't assign the IdP's Assertion Verification Certificate in Security Settings/Certificate Settings to the provided Certificate from the XML file. Once the External IdP Connector configuration was updated, SAML SP Auth was successful. Hope this helps someone.
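The check behind the fix in the last reply, as an added example that is not part of the original thread or of F5's tooling: extract the signing certificates an IdP publishes in its federation metadata and compare their SHA-256 fingerprints with the certificate the SP is configured to verify assertions with. The function names, the sample metadata and the byte strings standing in for DER certificates are all constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _b64(data):
    return base64.b64encode(data).decode()

# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_CERT = b"constructed-old-token-signing-cert"
NEW_CERT = b"constructed-new-token-signing-cert"
ENC_CERT = b"constructed-encryption-cert"

# Constructed IdP metadata as it might look after the signing cert was renewed.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(ENC_CERT)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(NEW_CERT)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def fingerprint(der):
    """SHA-256 fingerprint of certificate bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Fingerprints of every certificate the IdP metadata marks for signing."""
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.add(fingerprint(der))
    return found

def sp_cert_matches_idp(sp_cert_der, metadata_xml):
    """True if the SP's verification cert is one the IdP currently signs with."""
    return fingerprint(sp_cert_der) in idp_signing_fingerprints(metadata_xml)
```

In practice `sp_cert_der` would be the DER bytes of the certificate selected as the assertion verification certificate on the SP's IdP connector; a `False` result after a certificate renewal means the SP is still verifying against a certificate the IdP no longer publishes.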