Last Modified: Dec 05, 2024
Affected Product(s):
BIG-IP APM, Install/Upgrade
Known Affected Versions:
17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Fixed In:
17.1.2
Opened: Jan 04, 2024 Severity: 3-Major
SP shows access denied page In SP APM logs you see the error "Response/assertion is not signed" SAML Agent: /Common/basestar_sp_policy_act_saml_auth_ag failed to parse assertion, error: $fmt
Unable to access SP
-- Upgrade to 17.1.0 -- Configure BIG-IP as SP with "Want Signed Assertion" and "Want Encrypted Assertion" enabled in the SP service config -- Response from the IDP is received without a signature element
-- If using BIG-IP as IdP enable 'Response must be signed' in the spconnector config -- If using other IdPs ensure to send an assertion Response with a signature XML element.
Changed error handling to match older BIG-IP version behavior.