Bug ID 457925: When BIG-IP as SAML SP, IdP initiated authentication may show error on first attempt to authenticate, but work on second.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.2 HF1, 11.4.0, 11.4.1

Fixed In:
11.6.0, 11.5.1 HF5, 11.4.1 HF6

Opened: Apr 18, 2014

Severity: 2-Critical

Related Article: K15756


When the BIG-IP APM system is configured as a SAML service provider (SP), and the system receives an assertion in IdP initiated case, sometimes it may display the message "Your session could not be established." However, when you click on "re-login" button session is successfully established.


Authentication may not work for the first attempt.


BIG-IP APM is configured as a SAML Service Pproviderm, and there is an IdP initiated scenario.


Use SP initiated authentication instead.

Fix Information

When BIG-IP as SAML SP, IdP initiated authentication now works with the first attempt.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips