Bug ID 840249: With BIG-IP as a SAML IdP, important diagnostic information is not logged

Last Modified: Apr 29, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Opened: Oct 17, 2019
Severity: 4-Minor

Symptoms

When BIG-IP is configured as a SAML IdP and processes an SAML Authentication Request, if it does not find the appropriate SAML SP connector then it does not log relevant information such as the Issuer, ACS _URL and Protocol binding from the Authentication request.

Impact

Troubleshooting the issue and fixing the SAML configuration is difficult since there is no relevant information in the error log

Conditions

This occurs when BIG-IP is configured as a SAML IdP and processes a SAML Authentication request but does not find an appropriate SP configuration that matches the information provided in the SAML Authentication request.

Workaround

The workaround is to enable the log level for SSO to "Debug", and capture the logs at the debug level to troubleshoot further.

Fix Information

None

Behavior Change