Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

SAML XML modification

I'm setting up a SAML SP. The IDP is external and already in place, working for a bunch of other of their customers. I'm pretty new at this so I have a few questions.

What I've done so far is setup the SP locally, import the IDP xml, bind the SP to external IDP. I have an Access Policy made with a simple SAML agent, nothing complex there. All that seems pretty straight forward. Then I exported the SP XML and uploaded it onto a SAML portal the IDP organisation provides. It then valides my SP XML and gives a number of errors and warnings back. NONE of these errors can be fixed via the GUI as far as I can see. There are blocks of XML missing and other values the IDP wants that are not selectable in the GUI. So here are my questions:

  1. Is the solution to export the SP XML and manually edit the XML file before uploading it to the IDP?
  2. Do I need to import the modified XML to my local SP as well? Will the BIGIP understand and comply with the modifications made?

I'm running version 13.1.

Rate this Question

Answers to this Question


Re #1: Yes. You can take the exported SP XML metadata file, and modify it manually the way your IDP needs. Most of the time the data your IDP needs from your SP is just:

  • entityID
  • X509Certificate
  • AssertionConsumerService
  • SingleLogoutService

You can copy that info from the exported SP XML metadata and either use some SAML SP generator available on the internet, or just manually edit and create your own SP XML file.

Re #2: No, you do not import such file back to F5.