I try to configure saml with Keycloak and APM.
I am correctly redirected to the login page of Keycloak but when I'm come back to F5 my session is deny.
When I check on logs I can see "SAML assertion is invalid, error: Id of InResponseTo should match id of authentication request".
Someone have an idea of why I have this message ?
Thanks in advance all !
Have you got SAML tracer available by any chance? (https://chrome.google.com/webstore/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch?hl=en - also available for Firefox)
That should give you insight in what the exact message is that you're getting back from Keycloak. Have a look specifically at the "InResponseTo=" field in the response and compare it with the "ID=" field in the original request from the F5 to Keycloak.
There may be some more useful information here; https://support.f5.com/csp/article/K05876945
Hope this helps.