Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 11.6.4, 11.6.5, 188.8.131.52, 184.108.40.206, 220.127.116.11
Opened: Feb 18, 2016
BIG-IP as a SAML Service Provider fails to resolve Artifact for Assertion when using a default route domain other than 0 in administrative partitions other than "Common".
BIG-IP can fail to resolve Artifact for an Assertion, which subsequently will fail SAML SSO.
- SAML Service Provider objects 'apm aaa saml' and 'apm aaa saml-idp-connector' are created in an administrative partition other than 'Common' - Default route domain other than 0 is used for a partition where objects are created. - BIG-IP used as a SAML Service Provider and is configured to use Artifact binding.
Configure SAML Service Provider to use HTTP-POST binding instead of Artifact binding.
BIG-IP as SAML Service Provider will use default route domain from administrative partition "Common" to resolve Artifact for Assertion.