Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: Mar 06, 2014 Severity: 3-Major Related Article:
K15814
When performing Access Policy sync with SAML resources, you receive an error that the saml_sp_connector object cannot be found on the receiving device. "Feb 27 13:30:40 cooper-apm-11-4-1-2 err mcpd[6222]: 01070734:3: Configuration error: Cannot find saml_sp_connector object /Common/SomethingTOSync associated with saml_sso_config object /Common/federate.f5.com-attask"
Unable to sync Access Policy when there is SAML resources and SAML SP Connector are there.
Policy Sync failed with SAML resources.
To work around the problem, create the saml-sp-connector on the second BIG-IP system and then perform the sync. Sync will complete successfully for the other objects. Here are tmsh commands for creating a SAML SP connector: apm sso saml-sp-connector SomethingTOSync { assertion-consumer-uri http://SomethingToSync entity-id http://SomethingTOSync.com } (It appears that when creating a new object, the order is not correct and the saml-sp-connector does not get created before the resource object.)
None