Bug ID 1307441: Case APM as SAML IDP does not include all certs from bundle when metadata file is exported

Last Modified: Oct 04, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1

Opened: Jun 15, 2023

Severity: 3-Major

Symptoms

The exported IDP/SP metadata file does not include all of the certificates when the attached certificate file contains multiple certificates.

Impact

This issue may cause a SAML functionality outage, because 'corrupted'/'not correct' metadata from APM acting as SAML IDP is shared with the SAML SPs.

Conditions

1. BIG-IP is configured as IDP/SP.
2. Certificate files containing multiple certificates are attached to the "Local SP/IDP service" configuration.
3. A metadata export of the "Local SP/IDP service" object is performed.

Workaround

Edit the metadata file to include the other certificates as well, adding each one under an additional XML tag <ds:X509Certificate></ds:X509Certificate>.
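
One way to script this workaround, as an added example that is not F5 code: it compares a PEM bundle with the exported metadata and appends each certificate that is missing as an extra <ds:X509Certificate> element. The function names, the sample entityID and the placeholder certificate bytes are constructed for illustration, and it assumes every md:KeyDescriptor should carry the whole bundle.

```python
import base64
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("ds", DS)
ET.register_namespace("md", MD)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der(b64_text):
    """Decode base64 certificate text, ignoring line breaks and indentation."""
    return base64.b64decode("".join((b64_text or "").split()))

def bundle_certs(pem_text):
    """DER bytes of every certificate in a PEM bundle, in file order."""
    return [der(body) for body in PEM_RE.findall(pem_text)]

def add_missing_certs(metadata_xml, pem_text):
    """Return (patched_xml, added) after appending bundle certs the metadata lacks."""
    root = ET.fromstring(metadata_xml)
    added = 0
    # Assumption: every md:KeyDescriptor should carry the whole bundle.
    for x509data in root.findall(f".//{{{MD}}}KeyDescriptor//{{{DS}}}X509Data"):
        present = {der(el.text) for el in x509data.findall(f"{{{DS}}}X509Certificate")}
        for cert in bundle_certs(pem_text):
            if cert not in present:
                el = ET.SubElement(x509data, f"{{{DS}}}X509Certificate")
                el.text = base64.b64encode(cert).decode()
                present.add(cert)
                added += 1
    return ET.tostring(root, encoding="unicode"), added

# Constructed sample data: placeholder bytes, not real certificates.
CERT_A = base64.b64encode(b"constructed-leaf-cert").decode()
CERT_B = base64.b64encode(b"constructed-intermediate-cert").decode()
SAMPLE_BUNDLE = "".join(
    f"-----BEGIN CERTIFICATE-----\n{c}\n-----END CERTIFICATE-----\n" for c in (CERT_A, CERT_B))
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
    f'<ds:X509Certificate>{CERT_A}</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    patched, added = add_missing_certs(SAMPLE_METADATA, SAMPLE_BUNDLE)
    print(f"added {added} certificate(s)\n{patched}")
```

Running it a second time on the patched output adds nothing, which makes it usable as a check after each export. If the exported metadata carries an XML signature, any edit to the signed content invalidates that signature.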

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips