Bug ID 1397321: [APM][SAML IDP] BIG-IP as IDP does not include proper xml namespace declaration when thumbnailPhoto as a SAML attribute is added

Last Modified: Aug 28, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4

Opened: Nov 13, 2023

Severity: 3-Major

Symptoms

When thumbnailPhoto is added as a SAML attribute, the external SP fails with "THE SAML RESPONSE IS INVALID." and "Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd - invalid_xml". The thumbnailPhoto attribute adds xsi:type="xs:base64Binary" to the SAML attribute but does not include the namespace declaration.
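An added example, not F5 code: a check an SP operator could run on a received attribute to confirm the symptom described above. The report does not say which prefix lacks its declaration, so the check covers both xs (inside the xsi:type value) and xsi (on the attribute name); the sample fragments and the function name are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample fragments (not captured BIG-IP output).
_HEAD = '<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
_BODY = ('Name="thumbnailPhoto"><saml:AttributeValue xsi:type="xs:base64Binary">'
         'AAAA</saml:AttributeValue></saml:Attribute>')
XSI_DECL = 'xmlns:xsi="%s" ' % XSI_NS
XS_DECL = 'xmlns:xs="http://www.w3.org/2001/XMLSchema" '
MISSING_XS = _HEAD + XSI_DECL + _BODY
MISSING_XSI = _HEAD + XS_DECL + _BODY
DECLARED = _HEAD + XSI_DECL + XS_DECL + _BODY


def xsi_type_problems(xml_text):
    """List xsi:type values whose QName prefix has no in-scope xmlns declaration."""
    scopes = [{}]   # stack of prefix -> URI maps, one per open element
    pending = {}    # declarations reported just before the next start tag
    problems = []
    events = ("start-ns", "start", "end")
    try:
        for event, item in ET.iterparse(io.BytesIO(xml_text.encode("utf-8")), events):
            if event == "start-ns":
                pending[item[0]] = item[1]
            elif event == "start":
                scopes.append({**scopes[-1], **pending})
                pending = {}
                value = item.get("{%s}type" % XSI_NS, "")
                prefix, sep, _local = value.partition(":")
                if sep and prefix not in scopes[-1]:
                    problems.append("%s: xsi:type=%r uses undeclared prefix %r"
                                    % (item.tag, value, prefix))
            else:
                scopes.pop()
    except ET.ParseError as exc:
        # An undeclared prefix on the attribute name itself (xsi) stops the parser.
        problems.append("not namespace-well-formed: %s" % exc)
    return problems


if __name__ == "__main__":
    for name, doc in (("missing xs", MISSING_XS), ("missing xsi", MISSING_XSI),
                      ("declared", DECLARED)):
        print(name, xsi_type_problems(doc))
```

A missing xs declaration still parses as XML, and only a namespace-aware check or schema validation catches it, while a missing xsi declaration is rejected by the parser itself.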

Impact

The malformed assertion causes the external SP to fail with "THE SAML RESPONSE IS INVALID.", which impacts access to resources.

Conditions

BIG-IP is configured as a SAML IDP with thumbnailPhoto added as a SAML attribute.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips