F5 BIG-IP SAML configured with VIP and is getting a Digest of signature mismatch error returned.
SAML Agent: /Common/uri_check_act_saml_auth_ag failed to process signed assertion, error: Digest of signature mismatch
BIG-IP supports only exclusive canonicalization for SAML messages. Exclusive Canonicalization ensures that signatures created over SAML messages embedded in an XML context can be verified independent of that context.
F5 is rejecting our response due to the Canonicalization method being used in VIP. We recommend and accept the assertion in the supported format but send a response using a different canonicalization.
This issue is resolved in VIP 9.8
Imported Document ID: SO28422
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.