Bug ID 676599: SAML IdP connectors created by SAML IdP automation are not deleted automatically when the metadata is updated such that the corresponding EntityDescriptors are removed.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Fixed In:
14.0.0

Opened: Aug 02, 2017

Severity: 3-Major

Symptoms

SAML IdP connectors created by SAML IdP automation are not deleted automatically when the metadata is updated such that the corresponding EntityDescriptors are removed.

Impact

SAML IdP connector objects created by SAML IdP automation continue to exist even after the corresponding EntityDescriptors have been deleted from the metadata file.

Conditions

1. Create a SAML IdP Connector Automation object pointing to a metadata file with multiple EntityDescriptors.
2. Wait for the timer (frequency) to expire. The automation would have created one IdP connector object per EntityDescriptor in the metadata file.
3. Now, update the metadata file by removing one or some of the EntityDescriptors.
4. Notice that when the timer expires after this update, the previously created IdP connectors (whose EntityDescriptors have been deleted from the metadata file) still exist.

Workaround

Delete the IdP connector objects manually.
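
To find which connectors need manual deletion, the entity IDs still present in the metadata file can be compared against the connectors that exist. The following is an added example, not F5 code: the connector names, entity IDs and the name-to-entity-ID inventory are constructed, and it assumes you have exported that mapping from your own configuration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: the metadata file after one EntityDescriptor was removed.
UPDATED_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp-a.example.com/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntitiesDescriptor>
    <md:EntityDescriptor entityID="https://idp-c.example.com/saml">
      <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    </md:EntityDescriptor>
  </md:EntitiesDescriptor>
</md:EntitiesDescriptor>"""

# Constructed inventory: connector object name -> IdP entity ID it trusts.
# The names are hypothetical; build the real mapping from your own configuration.
CONNECTORS = {
    "auto_idp_a": "https://idp-a.example.com/saml",
    "auto_idp_b": "https://idp-b.example.com/saml",
    "auto_idp_c": "https://idp-c.example.com/saml",
}

def metadata_entity_ids(xml_text):
    """Return the entityID of every EntityDescriptor, including nested groups."""
    root = ET.fromstring(xml_text)
    ids = set()
    # iter() walks the whole tree and also matches the root element itself,
    # so a file holding a single bare EntityDescriptor is handled too.
    for el in root.iter("{%s}EntityDescriptor" % MD_NS):
        entity_id = el.get("entityID")
        if entity_id:
            ids.add(entity_id.strip())
    return ids

def stale_connectors(connectors, xml_text):
    """Names of connectors whose entity ID is no longer in the metadata file."""
    live = metadata_entity_ids(xml_text)
    return sorted(n for n, eid in connectors.items() if eid.strip() not in live)

if __name__ == "__main__":
    for name in stale_connectors(CONNECTORS, UPDATED_METADATA):
        print("stale connector, delete manually:", name)
```

A connector reported here still represents trust in an IdP that the metadata publisher has withdrawn, so it is the object to remove by hand on affected versions.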

Fix Information

The fix takes care of deleting IdP connector objects (as well as the association with SAML SP object) when the corresponding EntityDescriptors are deleted in the metadata file.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips