We are using APM and have our F5's setup as SAML SP's for a number of sites. In the past we bypassed the access policy if the users were sourcing their request from within our IP space (trusted source), however we just recently changed this so now no matter what users are redirected to the IDP and then back into the resource. While this is working well for the vast majority I'm getting little complaints here and there for users accessing a specific site. When I look into the error message all it says is:
"SAML assertion is invalid, error: Invalid Session, possible use of different host names to access SAML SP"
It's strange b/c this appears to be working for thousands of users, but for the ten or so that it's not they are all getting the same error. They are sourcing from different destinations and have no common denominator other than the error message that they are getting. I can't replicate the issue so I was hoping that there was some sort of legend or document that would elaborate on the error message above so that I could try and identify what is causing this.
I am very interested in this as well but for a different reason -- I would like to get a reference to the syslog messages so I can get my SIEM to understand APM.
