Bug ID 437744: SAML SP service metadata exported from APM may fail to import.

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF9

Opened: Nov 13, 2013
Severity: 3-Major
Related Article:
K15186

Symptoms

SAML SP service metadata exported from APM contains elements in an incorrect order, which might cause other implementations to fail to import it.

Impact

A SAML IdP might fail to import the SAML metadata exported from BIG-IP acting as SP.

Conditions

When SAML metadata is exported from BIG-IP while it is acting as a SAML Service Provider, the 'SingleLogoutService' and 'AssertionConsumerService' elements are in the wrong order.

Workaround

Edit the exported metadata: change the order of elements in the SPSSODescriptor so that the SingleLogoutService element goes first in the sequence.
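
One way to script this workaround, as an added example that is not F5's own code: it goes beyond the single swap described above and sorts every SPSSODescriptor child into the SAML 2.0 metadata schema order, in which SingleLogoutService precedes AssertionConsumerService. The sample document, its URLs and the function names are constructed for illustration; signed metadata is refused because editing it invalidates the signature.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)   # keep readable prefixes on output
ET.register_namespace("ds", DS)

# Child order of SPSSODescriptor in the SAML 2.0 metadata schema
# (RoleDescriptorType, then SSODescriptorType, then SPSSODescriptorType).
SCHEMA_ORDER = ["{%s}%s" % (MD, name) for name in (
    "Extensions", "KeyDescriptor", "Organization", "ContactPerson",
    "ArtifactResolutionService", "SingleLogoutService", "ManageNameIDService",
    "NameIDFormat", "AssertionConsumerService", "AttributeConsumingService")]

def _rank(el):
    # Unknown elements sort last; sorted() is stable, so repeated
    # elements (several ACS endpoints, for example) keep their order.
    return SCHEMA_ORDER.index(el.tag) if el.tag in SCHEMA_ORDER else len(SCHEMA_ORDER)

def reorder_sp_metadata(xml_text):
    """Return the metadata with SPSSODescriptor children in schema order."""
    root = ET.fromstring(xml_text)
    # An edited document no longer matches an enveloped signature, and the
    # importing side would reject it for that reason instead.
    if root.find(".//{%s}Signature" % DS) is not None:
        raise ValueError("metadata is signed: export unsigned or re-sign after editing")
    for sp in root.iter("{%s}SPSSODescriptor" % MD):
        sp[:] = sorted(sp, key=_rank)
    return ET.tostring(root, encoding="unicode")

def child_names(xml_text):
    """Local names of the first SPSSODescriptor's children, in document order."""
    sp = ET.fromstring(xml_text).find(".//{%s}SPSSODescriptor" % MD)
    return [el.tag.split("}")[1] for el in sp]

# Constructed sample showing the ordering problem (not a real BIG-IP export).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.com/acs" index="0"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.com/slo"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print("before:", child_names(SAMPLE))
    print("after: ", child_names(reorder_sp_metadata(SAMPLE)))
```

Compare the entityID and endpoint Location values in the output against the original export before handing the file to the IdP.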

Fix Information

SAML metadata elements are exported in correct order.

Behavior Change