For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DustinW's avatar
DustinW
Icon for Nimbostratus rankNimbostratus
Aug 15, 2019
Solved

TMSH/Bash command to check which SAML: BIG-IP as IdP profile is using a specific SSL certificate

I have multiple IdP profiles using the same SSL certificate. Is there a command I can run to list the IdP profiles associated to specific certificate.   This would be similar to running 'tmsh li...
  • JG's avatar
    JG
    Aug 16, 2019

    Would the following work for you:

    tmsh -q -c "cd /; list /apm sso saml recursive" | grep -E '(idp-certificate|saml-profiles)'

    ?

DustinW's avatar
DustinW
Icon for Nimbostratus rankNimbostratus
Aug 15, 2019

JG, just responding to your last reply I got via email (not sure why didn't show in this forum chain?). You asked does the below show all objects related to SAML

tmsh -q -c "cd /; list /apm sso saml recursive"

I've run the above and it does list all the APM SSO SAML profiles and the profile settings which includes the certificate used.

I guess I can export this to file and massage the data to list only my requirements or I might be able to hack the query a bit to only show the required data.

I'm pretty happy with this unless you can help further without too much hassle. Your time/effort is very much appreciated.

JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Aug 15, 2019

You can limit the output of the display to the idp-certificate attribute only, with:

tmsh -q -c list apm sso saml idp-certificate

but only if you are already in the partition /Common, for "recursive" is not available to this syntax.

You could also use "grep" on the output of:

    tmsh -q -c "cd /; list /apm sso saml recursive"

If you could share the output of this command, we can work out the exact syntax of grep for your use.