Forum Discussion

Ingebrigt_Maurs's avatar
Ingebrigt_Maurs
Icon for Nimbostratus rankNimbostratus
May 18, 2016
Solved

SP-initiated SAML SSO doesn't remember landing URL in v 12.0.0

Hi!   I recently upgraded to v 12.0.0 (from 11.6.0), and when I retested my SP-initiated SAML SSO setup, I found that it is no longer working properly. Here is what I do:   In SP initiated SSO...
BIG-IP Access Policy Manager (APM)
security
  • Michael_Koyfman's avatar
    Michael_Koyfman
    May 18, 2016

    Yes, unfortunately v12.0 introduced a bug on this - BZ 590601 - and it going to be fixed in the later maintenance release of 12.x.x. You can either open a case with support and request it to be linked to that bug and potentially ask about engineering hotfix. However, there is also a workaround that you can attempt to configure to rectify the behavior.

     

    Workaround provided below works when first client request to BIG-IP as SP is 'GET'. This workaround is not applicable when first client request is 'POST'.

     

    SP object can be configured with relay state pointing to the landing URI: %{session.server.landinguri}

     

    After successful authentication, end-user will be redirected to the landing URI (reflected back by IdP in the relay-state).

     

    Please try to implement the workaround and share whether it works for you to address your needs.

     

Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus
May 18, 2016

Yes, unfortunately v12.0 introduced a bug on this - BZ 590601 - and it going to be fixed in the later maintenance release of 12.x.x. You can either open a case with support and request it to be linked to that bug and potentially ask about engineering hotfix. However, there is also a workaround that you can attempt to configure to rectify the behavior.

 

Workaround provided below works when first client request to BIG-IP as SP is 'GET'. This workaround is not applicable when first client request is 'POST'.

 

SP object can be configured with relay state pointing to the landing URI: %{session.server.landinguri}

 

After successful authentication, end-user will be redirected to the landing URI (reflected back by IdP in the relay-state).

 

Please try to implement the workaround and share whether it works for you to address your needs.

 

  • Ingebrigt_Maurs's avatar
    Ingebrigt_Maurs
    Icon for Nimbostratus rankNimbostratus
    Jun 09, 2016
    Thank you for the workaround, this worked for me. Is there a way to be notified when this issue is resolved?