Bug ID 546405: SAML IdP meta-data exported from APM is rejected by VMware VCS

Last Modified: Dec 10, 2018


Affected Product:
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Sep 16, 2015
Severity: 3-Major

Symptoms

SAML IdP meta-data exported from APM is rejected by VMware VCS because VCS applies additional, stricter checks to the meta-data.

Impact

The administrator is unable to configure APM for smart card authentication using the default-exported SAML IdP meta-data.

Conditions

APM configured as SAML IdP, VMware View Connection Server configured as SAML SP associated with APM's IdP.

Workaround

SAML IdP meta-data can be edited manually before being imported to VMware VCS:

1. Find the <KeyDescriptor> element and copy-n-paste its contents.
2. Add use="encryption" attribute to the first <KeyDescriptor> element.
3. Add use="signing" attribute to the second <KeyDescriptor> element.
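
The manual edit above can be scripted. The following is an added example, not F5 or VMware code: the function name, the sample meta-data and its entityID are constructed, and it assumes the export contains exactly one <KeyDescriptor> under <IDPSSODescriptor> and refuses signed meta-data, since editing would invalidate the signature.

```python
import copy
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample: an IdP descriptor with one <KeyDescriptor> and no "use".
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_CERT_BASE64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def split_key_descriptor(metadata_xml: str) -> str:
    """Duplicate the lone <KeyDescriptor>: copy 1 encryption, copy 2 signing."""
    root = ET.fromstring(metadata_xml)
    # Assumption of this example: a signed export must not be edited in place.
    if root.find(f"{{{DS}}}Signature") is not None:
        raise ValueError("meta-data is signed; editing would break the signature")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor in meta-data")
    keys = idp.findall(f"{{{MD}}}KeyDescriptor")
    if len(keys) != 1 or "use" in keys[0].attrib:
        raise ValueError("expected exactly one KeyDescriptor without 'use'")
    first = keys[0]
    second = copy.deepcopy(first)  # same certificate in both descriptors
    first.set("use", "encryption")
    second.set("use", "signing")
    # Insert directly after the original so element order stays schema-valid.
    idp.insert(list(idp).index(first) + 1, second)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(split_key_descriptor(SAMPLE))
```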

Fix Information

A new "Export as VMWare View Format" checkbox has been added to the meta-data exporting dialog.

Behavior Change