Bug ID 2304433: SAML SP assertion canonicalization fails if the AttributeValue contains arrow characters.

Last Modified: Jun 13, 2026

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6

Opened: May 27, 2026

Severity: 4-Minor

Symptoms

SAML authentication fails when the <AttributeValue> contains Arrows

Impact

Users affected by this issue are unable to authenticate via SAML and are denied access. Notably, the problem does not occur with other non-ASCII characters, such as Japanese.

Conditions

Occurs when AzureAD user group names includes Arrow characters in SAML assertions processed by BIG-IP APM as SAML SP.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips