Bug ID 958773: [SAML SP] Assertion canonicalization fails if <AttributeValue> contains spaces.

Last Modified: Dec 03, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1

Opened: Oct 26, 2020
Severity: 4-Minor

Symptoms

In /var/log/apm [apmd]modules/Authentication/Saml/SamlSPAgent.cpp: 'verifyAssertionSignature()': 5883: Verification of SAML signature #1 failed [apmd]SAML Agent: /Common/xxxxxx failed to process signed assertion, error: Digest of SignedInfo mismatch

Impact

Verification of SAML signature fails.

Conditions

SAML attribute values have double-byte spaces.

Workaround

Remove double-byte spaces from SAML Attribute values (consult a vendor who populates SAML attribute values for advice on how to remove double-byte spaces).

Fix Information

None

Behavior Change