SAML BigIp as SP: forcing AssertionConsumerService

Question

Hi all.&nbsp;
I configured BigIP as SP in an SAML 2.0 Federation with an external IdP using custom mode.
I exported my metadata and I sent it to the Idp but they are refusing my metadata because of there is no AssertionConsumerService specified in it (they need at least one attribute specified).
In the external IdP Connector &gt; Assertion settings I specified as Identity Location "Attribute" and in Identity Location Attribute I configured an attribute name that I found in the IdP Metadata but the result is that in my metadata no attribute is specified as mandatory.&nbsp;
Anyone know where or what is wrong in my configuration?&nbsp;

michael_koyfma1 · Answer

Cri,&nbsp;
What version of BIG-IP are you using?  APM SP metadata export most definitely includes ACS.  Can you post a screenshot of your SP configuration General Settings screen?  If running v12.0 or higher and if your Entity ID is not a URL format, you need to have SP Name Settings section filled out with the hostname of the SP Virtual so it can be used to form ACS value.&nbsp;

Forum Discussion

SAML BigIp as SP: forcing AssertionConsumerService

1 Reply

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

Re: BigIP Report

BigIP Report Old

What are You a Force For?

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5