Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

DustinW's avatar
DustinW
Icon for Nimbostratus rankNimbostratus
Aug 14, 2019
Solved

TMSH/Bash command to check which SAML: BIG-IP as IdP profile is using a specific SSL certificate

I have multiple IdP profiles using the same SSL certificate. Is there a command I can run to list the IdP profiles associated to specific certificate.   This would be similar to running 'tmsh li...
  • JG's avatar
    JG
    Aug 15, 2019

    Would the following work for you:

    tmsh -q -c "cd /; list /apm sso saml recursive" | grep -E '(idp-certificate|saml-profiles)'

    ?

DustinW's avatar
DustinW
Icon for Nimbostratus rankNimbostratus
Aug 14, 2019

JG, just responding to your last reply I got via email (not sure why didn't show in this forum chain?). You asked does the below show all objects related to SAML

tmsh -q -c "cd /; list /apm sso saml recursive"

I've run the above and it does list all the APM SSO SAML profiles and the profile settings which includes the certificate used.

I guess I can export this to file and massage the data to list only my requirements or I might be able to hack the query a bit to only show the required data.

I'm pretty happy with this unless you can help further without too much hassle. Your time/effort is very much appreciated.

JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Aug 15, 2019

You can limit the output of the display to the idp-certificate attribute only, with:

tmsh -q -c list apm sso saml idp-certificate

but only if you are already in the partition /Common, for "recursive" is not available to this syntax.

You could also use "grep" on the output of:

    tmsh -q -c "cd /; list /apm sso saml recursive"

If you could share the output of this command, we can work out the exact syntax of grep for your use.