Bug ID 437744: SAML SP service metadata exported from APM may fail to import.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.3.0, 11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9

Opened: Nov 13, 2013

Severity: 3-Major

Related Article: K15186


SAML SP service metadata exported from APM contains elements in incorrect order which might cause it to fail to be imported by other implementations.


Import of SAML metadata with SAML IdP from BIG-IP as SP might fail.


When SAML metadata is exported from BIG-IP when it is acting as SAML Service Provider, the order of 'SingleLogoutService' and 'AssertionConsumerService' are not right.


Edit exported metadata: change the order of elements in the SPSSODescriptor so that SingleLogoutService element goes first in the sequence.

Fix Information

SAML metadata elements are exported in correct order.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips