Bug ID 1007677: Artifact resolution on SAML IdP fails with error 'SAML SSO: Cannot find SP connector'

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2

Fixed In:
17.0.0, 16.1.2.1, 15.1.4.1

Opened: Mar 30, 2021
Severity: 3-Major

Symptoms

SAML fails on APM SAML IdP after receiving the SAML ArtifactResolve Request, and needs to extract Artifact data from sessionDB to build the assertion. An error is logged: -- err tmm[24421]: 014d1211:3: ::ee23458f:SAML SSO: Cannot find SP connector (/Common/example_idp) -- err tmm[24421]: 014d0002:3: SSOv2 plugin error(12) in sso/saml.c:11864

Impact

SAML may fail on APM SAML IdP using artifact binding.

Conditions

The 'session-key' in the sessiondb includes a colon ':' in its value.

Workaround

None

Fix Information

The system now handles this occurrence of 'session-key'.

Behavior Change