Forum Discussion

Phuoc_386653
Apr 09, 2019

How can I configure BIG-IP APM to skip ACS URL checking?

I have set up my Salesforce to work with BIG-IP APM and it works perfectly. Then I wanted to integrate our product with BIG-IP APM, so I changed the Assertion Consumer Service URL in the SP connector to our system. But it doesn't work anymore; it said:

 

"Error: No SP Connector attached to SAML SSO from assigned SAML resources matching authentication request. If ACS URL is present in authentication request it should match ACS URL from SP Connector"

 

Is there any way I can skip ACS URL checking or bypass this thing? I want the BIG-IP APM to send the SAML response to our system instead of Salesforce.

 

Thanks!

 

3 Replies

  • To clarify, you had a working SAML Federation with Salesforce as the IdP and APM as the SP, and are trying to migrate to a different IdP?

     

  • No, I integrated Salesforce (SP) with BIG-IP APM as the IdP. And I want the APM to send the SAML response to our system instead of Salesforce; that is why I changed the ACS URL in the SP connector to my system.

     

  • Hi,

     

    It's not the right way to ignore the validation of the ACS; besides, you cannot ignore it or bypass this protection.

     

    But you can solve your problem very easily; let me explain. If you have this problem, it means that the ACS contained in the request (SAML request) is different from the one configured in your external SP.

     

    I often have this problem: the application owners give us wrong information and it is up to us to solve the problem :-).

     

    Follow my procedure:

     

    • Capture the SAML request (F12 developer tools in Chrome, SAML tracer in Firefox, or Fiddler...)

    The SP posts the SAML request to the following URL: https://idp.domain.com/saml/idp/profile/redirectorpost/sso

     

    • Once you capture the SAML request, decode it
    • First, URL-decode it

    https://meyerweb.com/eric/tools/dencoder/

     

    • Then use the SAML decoder (b64 decoder)

    https://www.samltool.com/decode.php

     

    Just be careful about one point: you have to retrieve only the SAML request (do not include "SAMLRequest: ") when you want to decode the SAML request.

     

    So once you have decoded the SAML request, you can see the ACS provided by the SP. Take it and set it on your external SP...

     

    The job is done :-)

     

    Keep me in touch.

     

    regards
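
Added example (not part of the thread and not F5 code): the two decode steps from the reply above, done locally in Python so the captured request does not have to be pasted into an online decoder. It goes slightly beyond the reply by also inflating HTTP-Redirect requests, which are DEFLATE-compressed before base64; the function names, `sp.example.com` and the sample request are constructed for illustration.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_XML = 1 << 20  # refuse to inflate more than 1 MiB

def decode_saml_request(value: str) -> bytes:
    """Captured SAMLRequest parameter -> AuthnRequest XML bytes."""
    # Drop a pasted "SAMLRequest: " / "SAMLRequest=" label and any "&RelayState=..."
    value = re.sub(r"^\s*SAMLRequest\s*[:=]\s*", "", value).split("&", 1)[0]
    value = unquote(value.strip())  # step 1: URL-decode (%2B -> +, %3D -> =)
    raw = base64.b64decode(value + "=" * (-len(value) % 4))  # step 2: base64
    if raw.lstrip().startswith(b"<"):
        return raw  # HTTP-POST binding: base64 only
    inflater = zlib.decompressobj(wbits=-15)  # HTTP-Redirect: raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds MAX_XML")
    return xml

def acs_from_request(value: str) -> dict:
    """Return the issuer and ACS-related attributes of the AuthnRequest."""
    xml = decode_saml_request(value)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {
        "issuer": root.findtext(SAML + "Issuer", default="").strip() or None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "acs_index": root.get("AssertionConsumerServiceIndex"),
        "binding": root.get("ProtocolBinding"),
    }

# Constructed sample request (hypothetical SP at sp.example.com), not captured traffic.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'Version="2.0" AssertionConsumerServiceURL="https://sp.example.com/saml/acs">'
    '<saml:Issuer>https://sp.example.com</saml:Issuer></samlp:AuthnRequest>')

def encode_redirect(xml: str) -> str:
    """Build a sample HTTP-Redirect value: DEFLATE, base64, URL-encode."""
    c = zlib.compressobj(wbits=-15)
    return quote(base64.b64encode(c.compress(xml.encode()) + c.flush()).decode(), safe="")
```

Compare the returned `acs_url` with the ACS URL configured on the SP connector; the error quoted in the question says these two must match when the request carries one.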