Bug ID 1381689: SAML SP does not properly sign the SAML Auth Request sent to SAML IdP when http-redirect with detached signature

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2

Opened: Oct 19, 2023

Severity: 2-Critical

Symptoms

The SAML Auth Request signature is invalid.

Impact

The SAML Auth Request is not signed properly, which breaks the SAML flow and impacts access to the resources.

Conditions

-- SAML SP configured with signed authn request
-- SSO binding is set to http-redirect
-- want-detached-signature is set to true

Workaround

None

Fix Information

The compressed Authn Request and its signature are now properly fetched from tmm, sent to apmd, and stored in the respective session variables.
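When diagnosing an invalid-signature symptom like this one, it helps to inspect a captured redirect URL directly. The following is an added example, not F5 code: it rebuilds the octet string that a detached signature covers under the SAML 2.0 HTTP-Redirect binding and inflates the compressed request. The AuthnRequest, RelayState and Signature values are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Constructed sample values; none come from a real SP or IdP.
AUTHN_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
             'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')
SIGALG = quote("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", safe="")
RELAY = quote("/app", safe="")
SIG = quote(base64.b64encode(b"constructed-placeholder").decode(), safe="")


def deflate_encode(xml: str) -> str:
    """Redirect-binding encoding: raw DEFLATE, then base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    raw = comp.compress(xml.encode()) + comp.flush()
    return quote(base64.b64encode(raw).decode(), safe="")


def raw_params(query: str) -> dict:
    """Split the query WITHOUT decoding so the sender's exact escapes survive."""
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)


def signed_octets(query: str) -> bytes:
    """Bytes the detached signature covers, in the order the binding fixes."""
    raw = raw_params(query)
    missing = [k for k in ("SAMLRequest", "SigAlg", "Signature") if k not in raw]
    if missing:
        raise ValueError(f"not a signed redirect request, missing {missing}")
    order = ("SAMLRequest", "RelayState", "SigAlg")  # RelayState is optional
    return "&".join(f"{k}={raw[k]}" for k in order if k in raw).encode("ascii")


def inflate_request(query: str) -> str:
    """Recover the AuthnRequest XML from the SAMLRequest parameter."""
    data = base64.b64decode(unquote(raw_params(query)["SAMLRequest"]))
    return zlib.decompress(data, -15).decode()


REQ = deflate_encode(AUTHN_XML)
QUERY = f"SAMLRequest={REQ}&RelayState={RELAY}&SigAlg={SIGALG}&Signature={SIG}"

if __name__ == "__main__":
    print(inflate_request(QUERY))
    print(signed_octets(QUERY).decode())
```

To check a real capture, pass the result of `signed_octets` and the base64-decoded `Signature` value to an RSA verification routine with the SP's signing certificate. The signature is computed over the URL-encoded values exactly as sent, so any re-encoding before verification produces a mismatch.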

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips