Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Limit SP metadata SLO xml tag to POST or REDIRECT..

kimhenriksen
Cirrostratus
Cirrostratus

So.. I´ve setup a sp in apm. The sp is configred to use post binding.

But we have an issue with adfs, as the metadata we export for the sp contain both post and redirect.. the clients use redirect..and both post and redirect are present as endpoints in adfs.

Is it standard for the metadata to contain both or is that a piece of config we missed?

At the moment we´ve manually removed the redirect part of the xml to solve it, but would be nice to know if it´s a configuration mistake or if its default behaviour. 

 

3 REPLIES 3

Scot_JC
F5 Employee
F5 Employee

Hi,

I admit I do not see any other option but to log a Support ticket, so that we can raise an RFE - Request For Enhancement  - to BigIP software.

Regards,

Thanks, will do. We´ve hit this bug (https://cdn.f5.com/product/bugtracker/ID935193.html), and as the workaround states that you should configure POST instead of redirect.. but as both are present that doesn´t change anything from the clients perspective. 

But are both always present in the metadata?

I don't think so (or I have misunderstood your request ;)). I understood you want to have more control over the metadata the BigIP is generating. If so, this has nothing to do with this bug. Metadata is used just once when we create the SAML object or entity. Once the AML object is created - with importing the metadata - we can still update the config, to get over some difficulty, as the bug you mention.

"But are both always present in the metadata?": yes.