domokos_23867
Jul 26, 2017 Nimbostratus
Solved
F5 APM as SP - external IDP provides two signing certificates
The external IDP we use is in the process of updating their certificates. For a transition period they provide both the old and the new one. I imported the metadata provided by the IDP and I can indeed see twice the , once for each certificate. However when using this external IDP the APM rejects the connection because of "IDP certificate mismatch" error.
Is there a way to have the APM accept both certificates?
Regards, Carol
Hello raZorTT, what version are you on? This used to be not supported, but is fixed in specific versions:
Bug ID 668129: BIG-IP as SAML SP support for multiple signing certificates in SAML metadata from external identity providers.
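To see which signing certificates an IdP's metadata advertises during a rollover, and whether a given certificate matches any of them, the following added example (not part of the original thread and not F5 code) lists the SHA-256 fingerprints of every signing `KeyDescriptor`. The entity ID, the placeholder certificate bytes and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for DER certificates (not real X.509).
OLD_DER, NEW_DER, ENC_DER = b"old-signing-cert", b"new-signing-cert", b"encryption-cert"

def _key_descriptor(use, der):
    b64 = base64.b64encode(der).decode()
    b64 = b64[:8] + "\n        " + b64[8:]  # metadata often line-wraps base64
    return ('<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            '%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            % (use, b64))

# Constructed IdP metadata for a transition period: old and new signing certificates.
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example.test">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    % (NS["md"], NS["ds"])
    + _key_descriptor("signing", OLD_DER)
    + _key_descriptor("signing", NEW_DER)
    + _key_descriptor("encryption", ENC_DER)
    + "</md:IDPSSODescriptor></md:EntityDescriptor>")

def fingerprint(der):
    """SHA-256 over the DER bytes, as hex."""
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP signing certificate, in document order."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    prints = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.append(fingerprint(der))
    return prints

def is_trusted_signer(cert_der, metadata_xml):
    """True if the certificate matches ANY advertised signing certificate.
    This only selects the key; the XML signature must still be verified with it."""
    return fingerprint(cert_der) in signing_fingerprints(metadata_xml)
```

Comparing these fingerprints with the certificate configured on the SP side shows whether the SP is pinned to only one of the two advertised certificates.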