
Authentication via Azure AD blocked by Access policy

f5beginner
Cirrostratus

Hi,

Device:

Virtual Edition.

BIG-IP 14.1.0.6 Build 0.0.9 Point Release 6

I have published my site behind F5, and for security reasons I want to authenticate through Azure AD.

I have configured both F5 and Azure.

Authentication via Azure works, but then I receive "Access was denied by the access policy."

Here are the details of why it was blocked:

Log Message: /Common/SSO_AAD.app/SSO_AAD:Common:12243713: SAML Agent: /Common/SSO_AAD.app/SSO_AAD_saml_auth_ag failed to process signed assertion, error: RSA decrypt

Partition: Common

I checked an old discussion and there was some bug, but it was in a very old version, so I guess it does not affect my F5.

Do you have any idea what the issue could be?

Thank you

1 ACCEPTED SOLUTION

NAG
Cirrostratus

Hi,

It could be that the cert automatically imported as part of the metadata is causing issues.

Can you try manually importing the cert and specifying it in the external IdP connector?

I referred to the following to answer your question.

https://devcentral.f5.com/s/question/0D51T00006i7fnTSAQ/saml-sp-with-google-as-idp-error-decrypting-...

Regards,

Nag

f5beginner
Cirrostratus

Hi NAG,

Thanks for the answer. The problem was in the certificate, but also in the metadata file; because of that I downloaded it again and now it works.

Thank you
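
One way to check what this thread converged on: whether the certificate set on the SP's external IdP connector is still one of the signing certificates in freshly downloaded IdP metadata. This is an added example, not code from the thread or from F5; the function names are hypothetical and the sample bytes are constructed placeholders, not real certificates.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def to_pem(der):
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def idp_signing_certs(metadata_xml):
    """Map SHA-256 fingerprint -> PEM for each signing cert in the IdP metadata."""
    certs = {}
    root = ET.fromstring(metadata_xml)
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            # Metadata base64 is often wrapped or indented; strip all whitespace.
            der = base64.b64decode("".join((node.text or "").split()))
            certs[fingerprint(der)] = to_pem(der)
    return certs

def sp_cert_is_current(metadata_xml, sp_cert_pem):
    """True if the cert set on the SP's IdP connector is published by the IdP."""
    body = "".join(l.strip() for l in sp_cert_pem.splitlines() if "-----" not in l)
    return fingerprint(base64.b64decode(body)) in idp_signing_certs(metadata_xml)

# Constructed sample data: placeholder bytes standing in for DER certificates.
OLD_DER, NEW_DER, ENC_DER = (bytes([n]) * 200 for n in (1, 2, 3))

def sample_metadata(signing_ders):
    kd = ('<md:KeyDescriptor use="{u}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
          '\n  {c}\n</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
    keys = [kd.format(u="signing", c=base64.b64encode(d).decode()) for d in signing_ders]
    keys.append(kd.format(u="encryption", c=base64.b64encode(ENC_DER).decode()))
    return ('<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}" entityID="https://idp.example/">'
            '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '{k}</md:IDPSSODescriptor></md:EntityDescriptor>').format(k="".join(keys), **NS)

if __name__ == "__main__":
    fresh = sample_metadata([NEW_DER])  # metadata downloaded again from the IdP
    print("stale cert still published:", sp_cert_is_current(fresh, to_pem(OLD_DER)))
    for fp in idp_signing_certs(fresh):
        print("signing cert to import and select on the connector:", fp)
```

Against real metadata, compare the printed fingerprints with the SHA-256 fingerprint of the certificate file imported on the SP.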