F5 APM as SP - external IDP provides two signing certificates

Question

The external IDP we use is in the process of updating their certificates. For a transition period they provide both the old and the new one. I imported the metadata provided by the IDP and I can indeed see twice the , once for each certificate. However when using this external IDP the APM rejects the connection because of "IDP certificate mismatch" error.&nbsp;
Is there a way to have the APM accept both certificates?&nbsp;
Regards
Carol&nbsp;

dave_w · Accepted Answer

Hello raZorTT, what version are you on? This used to be not supported, but is fixed specific versions:

Bug ID 668129: BIG-IP as SAML SP support for multiple signing certificates in SAML metadata from external identity providers.

https://cdn.f5.com/product/bugtracker/ID668129.html

razortt · Answer

Hi Dave,&nbsp;Thanks for that 👍 &nbsp;We are on 12.1.3.5, so fingers cross we will be all good!

razortt · Answer

Hi &nbsp;Has anyone been able to achieve the above? I'm in a similar situation in about 2 weeks time.&nbsp;Cheers,Simon

Forum Discussion

F5 APM as SP - external IDP provides two signing certificates

3 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

F5 APM as Service Provider (SP) and Microsoft AzureAD as Identity Provider (IDP)

Enable SAML Service Provider on F5 Distributed Cloud Application

F5 Terraform providers – Helping to implement Infrastructure as Code

Re: Management Certificate

Service Discovery and authentication options for Kubernetes providers (EKS, AKS, GCP)