Bug ID 439452: SAML SLO doesn't work if NameID Value contains spaces

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Opened: Dec 03, 2013
Severity: 2-Critical
Related AskF5 Article:
K15768

Symptoms

SAML single log out (SLO) does not work if the NameID value in the SAML Assertion contains spaces. If you use a value with a space, you receive errors

Impact

SLO does not work and you receive errors.

Conditions

Using a space in the NameID value.

Workaround

If the NameID value includes a space, then URL encode the space to %20. Type %20 in place of space into the Assertion Subject Value field. You configure this field when the BIG-IP system acts as a SAML Identity Provider (IdP) and you are configuring a Local IdP Service and setting Assertion Settings for it.

Fix Information

None

Behavior Change