Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
13.0.0
Opened: Feb 18, 2016
Severity: 3-Major
BIG-IP as a SAML Service Provider fails to resolve Artifact for Assertion when using a default route domain other than 0 in administrative partitions other than "Common".
BIG-IP can fail to resolve Artifact for an Assertion, which subsequently will fail SAML SSO.
- SAML Service Provider objects 'apm aaa saml' and 'apm aaa saml-idp-connector' are created in an administrative partition other than 'Common' - Default route domain other than 0 is used for a partition where objects are created. - BIG-IP used as a SAML Service Provider and is configured to use Artifact binding.
Configure SAML Service Provider to use HTTP-POST binding instead of Artifact binding.
BIG-IP as SAML Service Provider will use default route domain from administrative partition "Common" to resolve Artifact for Assertion.
