F5 Implementation

From GFIPM Implementation Wiki
Revision as of 15:44, 18 November 2013 by Jeff.Krug (Talk | contribs)


About

This page enumerates some outstanding issues using F5 as a SAML Service Provider within NIEF.

Issues

Be aware that some of these issues may eventually be fixed; the list will be updated as fixes occur.

SAML Metadata / Importing New Entities

  • If the SAML entity's metadata lists multiple certificates, F5 is likely to work with only one of them (and it is not likely to be clear which certificate it is using). The metadata should probably be reduced to specify a single certificate before importing.
  • F5 may not parse the SSO bindings correctly when determining which URL to use for SAML SSO (specifically, for a default Shibboleth IdP metadata file it will try to use the Shibboleth endpoint instead of the SAML endpoint). At a minimum, review the endpoint URL for correctness when importing.
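One way to prepare metadata before import, covering both points above. This is an added example, not part of the original wiki page or any F5 tooling. It assumes the entity is an IdP with one IDPSSODescriptor; the sample metadata, the example.org URLs, the certificate placeholders and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: two signing certificates (placeholders) and a
# Shibboleth 1.x SSO endpoint listed ahead of the SAML 2.0 endpoint.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp/shibboleth">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>CONSTRUCTED-CERT-A</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>CONSTRUCTED-CERT-B</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
   Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def reduce_to_single_cert(xml_text, keep_index):
    """Keep only the KeyDescriptor at keep_index; return (new_xml, kept_cert)."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)  # preserve md:/ds: prefixes on output
    root = ET.fromstring(xml_text)
    role = root.find("md:IDPSSODescriptor", NS)
    keys = role.findall("md:KeyDescriptor", NS)
    if not 0 <= keep_index < len(keys):
        raise IndexError(f"metadata has {len(keys)} KeyDescriptor elements")
    for i, kd in enumerate(keys):
        if i != keep_index:
            role.remove(kd)  # the operator chooses which certificate stays
    kept = keys[keep_index].find(".//ds:X509Certificate", NS).text.strip()
    return ET.tostring(root, encoding="unicode"), kept

def sso_endpoints(xml_text):
    """Return (binding, location, is_saml2) for every SingleSignOnService."""
    root = ET.fromstring(xml_text)
    return [(e.get("Binding"), e.get("Location"),
             e.get("Binding", "").startswith(SAML2_BINDINGS))
            for e in root.iterfind(".//md:SingleSignOnService", NS)]

if __name__ == "__main__":
    reduced, cert = reduce_to_single_cert(SAMPLE, keep_index=1)
    print("kept certificate:", cert)
    for binding, location, ok in sso_endpoints(reduced):
        print("USE " if ok else "SKIP", binding, location)
```

If the metadata file is signed, removing elements invalidates that signature, so verify the signature on the original file before reducing it. Compare the SSO URL shown after import against a location flagged as SAML 2.0 here.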

SHA-256

F5 has trouble supporting SHA-256 for signatures on assertions. Hot Fix Available.

Signed Responses

F5 works with signed assertions, but has no specific support for signed assertions. Hot Fix Available.

Encryption

F5 seems to have trouble with encryption depending on how the KeyInfo field is transmitted within the EncryptedAssertion. Hot Fix Available.