Bug ID 435779: BIG-IP as SP and IdP will not accept anything but Full URL for entity-id

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Oct 29, 2013

Severity: 3-Major

Symptoms

BIG-IP as Service Provider (SP) and BIG-IP as Identity Provider (IdP) do not accept anything except a full URL for EntityId.

Impact

Cannot support IdP or SP that expects a numerical value for EntityId.

Conditions

BIG-IP as SP and IdP.

Workaround

There is no work around.

Fix Information

The BIG-IP system, when configured as a SAML Service Provider (SP), now supports numerical values as part of EntityId. Metadata export still works, but the resulting XML must be edited to replace the number with a proper URL for the Assertion Consumer Service URL. You must edit the XML before exporting it to other Identity Providers (IdPs).

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips