Forum Discussion

Nimbostratus

Jun 08, 2016

Solved

SP SAML authentication fails after token signing cert update

We're using ADFS 3.0 as our IDP, and a virtual F5 (BIG-IP 11.6.0 Build 0.0.401 Final) as the SP. Our config worked for the past year, but we needed to renew our token signing certificate. We generate...

BIG-IP Access Policy Manager (APM)

security

Michael_Koyfman
Jun 08, 2016
Not sure what exactly is happening, but you are running a pretty old version of the BIG-IP. I would recommend two things:

Export metadata from ADFS and import them to BIg-IP anew, and essentially create new IDP connector and bind it to SP config.
Upgrade to 11.6.1 if 1 does not succeed in moving you forward past this.
If both 1 and 2 fail to solve it, open a ticket with support to investigate further.

Mike_99062

Nimbostratus

Mar 02, 2017

FYI, We ran into the same issue, with a similar setup running on 11.6.1 base. The IdP XML file we received didn't assign the IdP's Assertion Verification Certificate in Security Settings/Certificate Settings to the provided Certificate from the XML file. Once the External IdP Connector configuration was updated, SAML SP Auth was successful. Hope this helps someone.

Forum Discussion

SP SAML authentication fails after token signing cert update

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

Related Content

Auditing Security Policy Updates

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

POC: Create and sign a JWT with iRule

Doing mTLS Authentication per URL

Update your DevCentral user profile