Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4, 11.3.0 HF8
Opened: Jul 03, 2013 Severity: 3-Major
APM SAML SSO and/or SAML authentication fail with one of the following messages: "Unsupported signature alogorithm. rsa-sha1 supported" "Unsupported digest alogorithm. sha1 supported" "Digest Algorithm ... from Authn Request is not supported" "Signature Algorithm ... from Authn Request is not supported"
APM SAML fails to interoperate with other SAML implementations using RSA-SHA256/RSA-SHA512 XML signature algorithms.
APM configured as SAML SP or SAML IdP.
Reconfigure other system to use RSA-SHA1 signature algorithm.
APM SAML can now operate with other systems using either or both of these groups of algorithms: RSA-SHA256/RSA-SHA512 XML signature algorithms SHA256/SHA512 digest algorithms. It continues to sign its own SAML messages (AuthnRequests and Assertions) using RSA-SHA1.