Forum Discussion

ecce_297791
Oct 29, 2018

SAML XML modification

I'm setting up a SAML SP. The IDP is external and already in place, working for a bunch of their other customers. I'm pretty new at this so I have a few questions.


What I've done so far is set up the SP locally, import the IDP XML, and bind the SP to the external IDP. I have an Access Policy made with a simple SAML agent, nothing complex there. All that seems pretty straightforward. Then I exported the SP XML and uploaded it onto a SAML portal the IDP organisation provides. It then validates my SP XML and gives a number of errors and warnings back. NONE of these errors can be fixed via the GUI as far as I can see. There are blocks of XML missing and other values the IDP wants that are not selectable in the GUI. So here are my questions:


  1. Is the solution to export the SP XML and manually edit the XML file before uploading it to the IDP?
  2. Do I need to import the modified XML to my local SP as well? Will the BIGIP understand and comply with the modifications made?

I'm running version 13.1.


1 Reply

  • Re 1: Yes. You can take the exported SP XML metadata file, and modify it manually the way your IDP needs. Most of the time the data your IDP needs from your SP is just:


    • entityID
    • X509Certificate
    • AssertionConsumerService
    • SingleLogoutService

    You can copy that info from the exported SP XML metadata and either use some SAML SP generator available on the internet, or just manually edit and create your own SP XML file.


    Re 2: No, you do not import such a file back to F5.
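As an added illustration of the reply above (this is example code, not from the original thread or from F5), the script below takes an exported SP metadata file, checks for the four items the reply lists (entityID, X509Certificate, AssertionConsumerService, SingleLogoutService), and inserts a missing SingleLogoutService block at the position the SAML metadata schema requires. The sample metadata, the entityID, the certificate placeholder and the URL paths are constructed for the example; the only values that matter for a real upload are the ones your IdP's portal asks for, and any Location you add must be a URL your BIG-IP actually serves, since editing the metadata changes what the IdP believes about the SP, not what the SP does.

```python
"""
Audit an exported SAML SP metadata file and add a missing SingleLogoutService.
Example code written for this thread; the sample document below is constructed.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
ET.register_namespace("md", MD)   # keep the usual prefixes on re-serialisation
ET.register_namespace("ds", DS)

HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Children of SPSSODescriptor that the metadata schema orders *after*
# SingleLogoutService. Schema-strict validators (many IdP portals are) reject
# an SLO element that appears after these, so a new one is inserted before the
# first of them.
AFTER_SLO = {
    f"{{{MD}}}ManageNameIDService",
    f"{{{MD}}}NameIDFormat",
    f"{{{MD}}}AssertionConsumerService",
    f"{{{MD}}}AttributeConsumingService",
}

# Constructed sample of an exported SP metadata file. It has an entityID, a
# signing certificate (placeholder text) and an ACS, but no SingleLogoutService.
SAMPLE_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIC...PLACEHOLDER-BASE64...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/sp/profile/post/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def audit(xml_text):
    """Return {item: present?} for the four items an IdP usually needs."""
    root = ET.fromstring(xml_text)
    spsso = root.find("md:SPSSODescriptor", NS)
    certs = root.findall(".//md:KeyDescriptor//ds:X509Certificate", NS)
    return {
        "entityID": bool(root.get("entityID")),
        # present and non-empty: an empty X509Certificate element is a common export defect
        "X509Certificate": bool(certs) and all((c.text or "").strip() for c in certs),
        "AssertionConsumerService": spsso is not None
        and spsso.find("md:AssertionConsumerService", NS) is not None,
        "SingleLogoutService": spsso is not None
        and spsso.find("md:SingleLogoutService", NS) is not None,
    }


def missing(xml_text):
    """Names of the required items that are absent, in audit order."""
    return [name for name, ok in audit(xml_text).items() if not ok]


def add_single_logout_service(xml_text, location, binding=HTTP_REDIRECT):
    """Insert a SingleLogoutService element if none exists; return the new XML.

    `location` must be the SLO endpoint the SP really serves; this function
    only edits the document, it cannot make the SP answer at that URL.
    """
    root = ET.fromstring(xml_text)
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("metadata has no SPSSODescriptor; not an SP metadata file")
    if spsso.find("md:SingleLogoutService", NS) is not None:
        return xml_text  # nothing to do
    slo = ET.Element(f"{{{MD}}}SingleLogoutService",
                     {"Binding": binding, "Location": location})
    children = list(spsso)
    pos = next((i for i, c in enumerate(children) if c.tag in AFTER_SLO), len(children))
    spsso.insert(pos, slo)
    return ET.tostring(root, encoding="unicode")


def child_tags(xml_text):
    """Local names of SPSSODescriptor's children, for checking element order."""
    root = ET.fromstring(xml_text)
    spsso = root.find("md:SPSSODescriptor", NS)
    return [c.tag.split("}")[1] for c in spsso]


if __name__ == "__main__":
    print("missing before:", missing(SAMPLE_SP_METADATA))
    fixed = add_single_logout_service(
        SAMPLE_SP_METADATA, "https://sp.example.test/saml/sp/profile/redirect/slr")
    print("missing after: ", missing(fixed))
    print(fixed)
```

Run it on the real export instead of the sample (`open("sp.xml").read()`), hand the result to the IdP's portal, and keep the unmodified export as a record of what the BIG-IP actually advertises. Note that any XML signature on the exported metadata is invalidated by this kind of edit, so if the IdP requires signed metadata, re-sign after editing rather than before.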