Last Modified: Jul 12, 2023
Known Affected Versions:
11.5.0, 11.4.1 HF2, 11.4.0 HF4
Opened: Oct 15, 2013 Severity: 2-Critical Related Article:
Related Article: K15091
BIG-IP configured as service provider (SP) fails to accept SAML assertion if SAML SLO is configured and subject NameID Format is not specified as part of SAML assertion
We fail to process the SAML Assertion.
When BIG-IP used as SAML Service Provider and SAML Single Logout is configured if the Assertion from IdP (Identity Provider) does not include NameID Format inside SAML Assertion then this condition occurs.
Configure SAML IdP such that it always sends NameID Format elememnt inside SAML Assertion.
BIG-IP as SP now accepts SAML assertions even if the NameID Format is missing from the assertion and SAML SLO is configured.