SAML and signing the whole message

Question

I'm trying to federate with a Saas, which we are using SAML 2.0. They require the SAML response message have a signature. Currently I think that F5 only signs the assertions. Is there a way for the whole message to be signed?
I do have "Assertion sent to SP by this device -&gt; Must by Signed" check off but the SP wants the whole message to have the whole message signed.&nbsp;

david_123856 · Answer

I have just discovered exactlly the same issue with one of our SaaS providers. Hoping someone has an answer

kj07208_118528 · Answer

If you don't mind can you please tell me the vendor our's is Taleo.

david_123856 · Answer

Same here

wonsoo_41223 · Answer

The feature is added from v11.4.1, but the option is not integrated in GUI. It can be enabled with tmsh command.&nbsp;
 tmsh modify apm sso saml-sp-connector test-sp want_response_signed true &nbsp;
 tmsh save sys config &nbsp;

kj07208_118528 · Answer

Thanks - Time to upgrade again!

Forum Discussion

SAML and signing the whole message

8 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

POC: Create and sign a JWT with iRule

FIX Message Response

AS3 signed rpms

Modern APM Message Box

use irule to sign data using sha256