SAML SP required a value for NameID Format

Question

We are on ver 11.5.3 and have an IdP instance binding to Concur SP.  The SP required the value name of the emailAddress spell out inside NameID Format, i.e. testemail@domain.com
I believe this is a SAML artifact binding which will be available on version 11.6? Our device is max out to upgrade, is there a way that we can use an iRule to resolve this?&nbsp;

michael_koyfma1 · Answer

No, Concur does not need/use SAML Artifact- they use simple HTTP POST binding.  APM most certainly works with Concur for federation needs, all you need to do is specify email address as the format of the Subject in the IDP definition. &nbsp;
Please post back if you have not been able to get it resolved.&nbsp;

michael_koyfman · Answer

No, Concur does not need/use SAML Artifact- they use simple HTTP POST binding.  APM most certainly works with Concur for federation needs, all you need to do is specify email address as the format of the Subject in the IDP definition. &nbsp;
Please post back if you have not been able to get it resolved.&nbsp;

0_171810 · Answer

Michael,
I finally get it to work by enable Split domain from full username.  Users will have to login with email address instead of UID.  Appreciate your advice.

0_171810 · Answer

Michael,
I finally get it to work by enable Split domain from full username.  Users will have to login with email address instead of UID.  Appreciate your advice.

Forum Discussion

SAML SP required a value for NameID Format

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)

Reminder: MFA now required to log in to DevCentral

X509 Subject Formatting

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

F5 BIG-IP Sizing Requirement