Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2
Fixed In:
13.0.0, 12.1.3
Opened: Sep 26, 2016 Severity: 3-Major
BIG-IP supports import of external SAML SP metadata to create SP-Connector objects. When such metadata file contains two certificates (one with 'signing' and one with 'encryption use) then BIG-IP will import certificate that is positioned 'second' in metadata twice.
There is no impact if in metadata signing and encryption certificates are the same. If certificates are different - SAML SSO may not function properly due to incorrect certificate imported in configuration.
Imported metadata contains two certificates with different use types: 'signing' and 'encryption'
Import certificates manually, and assign them to created from metadata SAML SP connector
Issue is now fixed: both certificates are imported correctly.