Last Modified: Apr 10, 2019
Affected Product:
See more info
BIG-IP APM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
13.0.0, 12.1.3
Opened: Sep 26, 2016
Severity: 3-Major
BIG-IP supports import of external SAML SP metadata to create SP-Connector objects. When such metadata file contains two certificates (one with 'signing' and one with 'encryption use) then BIG-IP will import certificate that is positioned 'second' in metadata twice.
There is no impact if in metadata signing and encryption certificates are the same. If certificates are different - SAML SSO may not function properly due to incorrect certificate imported in configuration.
Imported metadata contains two certificates with different use types: 'signing' and 'encryption'
Import certificates manually, and assign them to created from metadata SAML SP connector
Issue is now fixed: both certificates are imported correctly.