Bug ID 457925: When BIG-IP as SAML SP, IdP initiated authentication may show error on first attempt to authenticate, but work on second.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF6

Opened: Apr 18, 2014
Severity: 2-Critical
Related AskF5 Article:


When the BIG-IP APM system is configured as a SAML service provider (SP), and the system receives an assertion in IdP initiated case, sometimes it may display the message "Your session could not be established." However, when you click on "re-login" button session is successfully established.


Authentication may not work for the first attempt.


BIG-IP APM is configured as a SAML Service Pproviderm, and there is an IdP initiated scenario.


Use SP initiated authentication instead.

Fix Information

When BIG-IP as SAML SP, IdP initiated authentication now works with the first attempt.

Behavior Change