Bug ID 663127: Empty attribute values in SAML Identity Provider configuration may cause error when loading configuration.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1

Fixed In:
13.1.0, 12.1.3.2

Opened: May 04, 2017

Severity: 3-Major

Symptoms

An error similar to the one below is logged in /var/log/apm:

    Internal error processing sso config /Common/idp_obj_name sso_tmconf_string_parse_list

When this error message is logged, subsequent authentication attempts using this BIG-IP as the IdP object will fail.

Impact

Authentication will fail for users using the affected SAML IdP object.

Conditions

The SAML Identity Provider configuration is invalid: an attribute contains one or more empty values, for example:

    apm sso saml /Common/idp_obj {
        attributes {
            {
                multi-values { "" user@f5.com }
                name User.Email
            }
        }
    }

Workaround

Manually edit the bigip.conf configuration file and remove the empty value(s) in the SAML attribute, e.g.:

    apm sso saml /Common/idp_obj {
        attributes {
            {
                multi-values { user@f5.com }
                name User.Email
            }
        }
    }
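To find which objects need the edit described above, this added example (not F5 code, and not part of the original bug record) scans configuration text for `apm sso saml` objects whose `multi-values` list contains an empty string. The function name, the sample object names `idp_bad` and `idp_ok`, and the assumption that each attribute block holds `name` next to `multi-values` (as in the snippet on this page) are illustrative.

```python
import re

# Tokens of the brace-delimited config syntax: quoted strings, braces, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{}]|[^\s{}"]+')

# Constructed sample input modelled on the snippet in this bug record.
SAMPLE_CONF = '''
apm sso saml /Common/idp_bad { attributes { { multi-values { "" user@f5.com } name User.Email } } }
apm sso saml /Common/idp_ok { attributes { { multi-values { user@f5.com } name User.Email } } }
'''

def find_empty_saml_values(conf_text):
    """Return (saml_object, attribute_name, empty_count) for every SAML
    attribute block whose multi-values list contains an empty string."""
    tokens = TOKEN.findall(conf_text)
    findings, stack, obj, i = [], [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if not stack and tokens[i:i + 3] == ["apm", "sso", "saml"]:
            obj = tokens[i + 3] if i + 3 < len(tokens) else None
            i += 4              # now positioned on the object's opening brace
            continue
        if tok == "{":
            stack.append({"name": None, "empty": 0})
        elif tok == "}" and stack:
            block = stack.pop()
            if obj and block["empty"]:
                findings.append((obj, block["name"], block["empty"]))
            if not stack:
                obj = None      # left the top-level object
        elif obj and stack and tok == "multi-values" and nxt == "{":
            j = i + 2
            while j < len(tokens) and tokens[j] != "}":
                stack[-1]["empty"] += tokens[j] == '""'   # count empty entries
                j += 1
            i = j + 1           # resume after the list's closing brace
            continue
        elif obj and stack and tok == "name" and nxt not in ("{", "}", None):
            stack[-1]["name"] = nxt
            i += 2
            continue
        i += 1
    return findings

if __name__ == "__main__":
    print(find_empty_saml_values(SAMPLE_CONF))
```

Pass the contents of a copy of bigip.conf to `find_empty_saml_values` to list the objects and attributes to correct.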

Fix Information

Empty values in SAML attributes will no longer be accepted by validation logic.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips