Last Modified: Oct 06, 2020
Opened: Aug 09, 2017
The entityID property of a SAML IdP object ('apm sso saml') accepts only a valid URI as its value. All other values are deemed invalid. This creates a suboptimal configuration experience in certain use cases. For instance, when the deployment contains two SAML IdP configuration objects that are essentially identical, with the only difference being the entityID value, validation prevents reusing the same object and mandates the creation of two independent configuration objects.
None. This is a usability enhancement.
BIG-IP is used as SAML Identity Provider with two or more IdP configuration objects. The only difference between two (or more) configured IdP configuration objects is the value of entityID.
Creating multiple IdP objects.
This enhancement supports configuring an APM session variable in the entityID property of SAML Identity Provider ('apm sso saml') objects, thus reducing the number of nearly duplicate IdP configuration objects. NOTE: When a session variable is used in the entityID property of a SAML Identity Provider object, the SAML metadata exported by such an object must be edited manually to replace the session variables with valid FQDN names before the metadata is shared with external parties.
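A pre-sharing check for the NOTE above, as an added example (not F5 code): it lists session variables still present in exported IdP metadata and substitutes a validated FQDN for each. The `%{...}` placeholder syntax, the variable name, the function names and the sample metadata are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed placeholder syntax for an APM session variable: %{session.some.name}
SESSION_VAR = re.compile(r"%\{([^}]+)\}")
FQDN = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

# Constructed sample of exported IdP metadata with unresolved session variables.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://%{session.server.network.name}/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://%{session.server.network.name}/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def unresolved_variables(metadata_xml):
    """Return (element, attribute, variable) for every leftover placeholder."""
    findings = []
    for elem in ET.fromstring(metadata_xml).iter():
        local_name = elem.tag.split("}")[-1]  # drop the XML namespace prefix
        for attr, value in elem.attrib.items():
            for name in SESSION_VAR.findall(value):
                findings.append((local_name, attr, name))
    return findings


def resolve_metadata(metadata_xml, fqdn_by_variable):
    """Replace each placeholder with its FQDN; refuse unknown or malformed values."""
    def substitute(match):
        name = match.group(1)
        if name not in fqdn_by_variable:
            raise KeyError(f"no FQDN supplied for session variable {name}")
        fqdn = fqdn_by_variable[name]
        if not FQDN.fullmatch(fqdn):
            raise ValueError(f"{fqdn!r} is not a valid FQDN")
        return fqdn

    resolved = SESSION_VAR.sub(substitute, metadata_xml)
    ET.fromstring(resolved)  # the edited metadata must still be well-formed XML
    return resolved


if __name__ == "__main__":
    for finding in unresolved_variables(SAMPLE_METADATA):
        print("unresolved:", finding)
    print(resolve_metadata(SAMPLE_METADATA, {"session.server.network.name": "idp.example.com"}))
```

Running `unresolved_variables` on the final file as a release gate catches a placeholder missed during manual editing before the metadata reaches an external party.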