Bug ID 755739: SAML metadata import (SP or IdP) fails if the metadata file has both SPSSODescriptor and IdPSSODescriptor

Last Modified: Oct 31, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6

Fixed In:
15.0.0

Opened: Jan 17, 2019

Severity: 4-Minor

Symptoms

If the SAML SP or IDP metadata has both SPSSODescriptor and IdPSSODescriptor tags, the import fails with errors like this:

The metadata file '/var/tmp/1547120861955.upload' being used to create SAML IdP connector 'Kismet' is an SP metadata file.

Impact

Metadata import is not successful.

Conditions

-- The SP or IDP metadata file has both SPSSODescriptor and IdPSSODescriptor tags, and
-- You attempt to import them to create SP or IdP connector objects.

Workaround

Use the following workarounds, as appropriate:

-- When importing SP metadata, remove all IDPSSODescriptor tags from the metadata file, i.e., find and remove all '<IDPSSODescriptor...>...</IDPSSODescriptor>' elements, including the opening and closing tags and everything in between.
-- When importing IDP metadata, remove all SPSSODescriptor tags from the metadata file, i.e., find and remove all '<SPSSODescriptor...>...</SPSSODescriptor>' elements, including the opening and closing tags and everything in between.

Note: If the metadata file is signed, the signature within the metadata file must be removed. If it is not, you may experience an MCP error when importing the newly edited metadata file:

Signature verification failed. File contents changed.

To remove the signature from the metadata file, find and remove the signature element, including the opening and closing tags, and everything in between, e.g.: <ds:Signature...>...</ds:Signature>

Fix Information

Metadata import is now successful when both SPSSODescriptor and IdPSSODescriptor tags are present, and the connector object is created.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips