Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

SAML assertion is invalid

Anthony_Epron
Nimbostratus
Nimbostratus

‎03-Dec-2021 01:52

Hello,

 

I try to configure saml with Keycloak and APM.

 

I am correctly redirected to the login page of Keycloak but when I'm come back to F5 my session is deny.

 

When I check on logs I can see "SAML assertion is invalid, error: Id of InResponseTo should match id of authentication request".

 

Someone have an idea of why I have this message ?

 

Thanks in advance all !

 

Labels:
0 Kudos
1 REPLY 1

AlexBCT
MVP
MVP

‎09-Dec-2021 12:04

Hi Anthony,

 

Have you got SAML tracer available by any chance? (https://chrome.google.com/webstore/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch?hl=en - also available for Firefox)

That should give you insight in what the exact message is that you're getting back from Keycloak. Have a look specifically at the "InResponseTo=" field in the response and compare it with the "ID=" field in the original request from the F5 to Keycloak.

 

There may be some more useful information here; https://support.f5.com/csp/article/K05876945

 

Hope this helps.

0 Kudos
Copyright © 2023 Khoros, LLC