Bug ID 457925: When BIG-IP as SAML SP, IdP initiated authentication may show error on first attempt to authenticate, but work on second.

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF6

Opened: Apr 18, 2014
Severity: 2-Critical
Related AskF5 Article:
K15756

Symptoms

When the BIG-IP APM system is configured as a SAML service provider (SP), and the system receives an assertion in IdP initiated case, sometimes it may display the message "Your session could not be established." However, when you click on "re-login" button session is successfully established.

Impact

Authentication may not work for the first attempt.

Conditions

BIG-IP APM is configured as a SAML Service Pproviderm, and there is an IdP initiated scenario.

Workaround

Use SP initiated authentication instead.

Fix Information

When BIG-IP as SAML SP, IdP initiated authentication now works with the first attempt.

Behavior Change