F5 SAML Authentication
One month ago, we opened a case with F5 about SAML authentication and haven't got a proper answer yet. Disappointing...
While still waiting for their answer, I hope I can reach someone here who really understands the issue.
Many thanks,
This is the question we asked the F5 support team:
We are testing SAML authentication (BIG-IP as SP) on VE (BIGIP-11.3.0.2806.0-scsi.ova). The authentication failed, and we saw this log in Access Policy -> Reports: SAML Agent: /Common/bletchley_act_saml_auth_ag failed to process signed assertion, error: Digest of SignedInfo mismatch.
We are bemused by this error message, as we use the OpenSAML Java library to generate the SAML response (sign the XML). Our IdP works very well with Google, Juniper, etc. We double-checked the response (you can see it in the attachment, samlres02.txt) and decoded it into saml02.xml with https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php. This XML file (with enveloped signature) passed the test under the Firefox XML Digital Signature Tool. We also checked it with the Java XML Digital Signature API (Validate.java), and it also passed. If it is not a known issue on VE BIGIP-11.3.0.2806.0, can you please ask your technical team to have a look?
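An added example, not part of the original post and not F5 or OpenSAML code: the decode step described above done offline in Python, listing for each signature the signed element, whether the Reference URI matches its ID, and the canonicalization, signature, digest and transform algorithms that the IdP and SP both have to process. The sample response is constructed, and `describe_signatures` is a hypothetical helper name.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample response; IDs and values are placeholders, not real data.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_a1"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
</saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _algo(el):
    return el.get("Algorithm") if el is not None else None

def describe_signatures(saml_response_b64):
    """Decode a POST-binding SAMLResponse and report each signature's parameters."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages never need a DTD; refuse it
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    report = []
    for sig in root.iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        ref = info.find(DS + "Reference") if info is not None else None
        if ref is None:
            continue
        signed = parent_of.get(sig, root)  # enveloped signature: parent is signed
        report.append({
            "signed_element": signed.tag.split("}")[-1],
            "reference_matches_id": ref.get("URI") == "#" + signed.get("ID", ""),
            "c14n": _algo(info.find(DS + "CanonicalizationMethod")),
            "signature_method": _algo(info.find(DS + "SignatureMethod")),
            "digest_method": _algo(ref.find(DS + "DigestMethod")),
            "transforms": [t.get("Algorithm") for t in ref.iter(DS + "Transform")],
        })
    return report

if __name__ == "__main__":
    for entry in describe_signatures(SAMPLE_B64):
        print(entry)
```

This only reads the signature metadata; it does not canonicalize the XML or verify the digest or signature value.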