I have configured SAML - Forward Proxy for Cloud Explicit Proxy Authentication. This setup has been working for some time, but now our IdP fails to verify the signature of the SAMLRequest. I have checked and re-imported the SAML configuration XML file from the tenant into the IdP and verified that the certificate is correct, but I still encounter the same error.
I also have a different SAML - Forward Proxy configuration for Client Enrollment that is working fine, although I believe it works differently.
I am using F5 APM as the IdP/SP. The SP is configured with the downloaded Netskope XML metadata file.
The client browser is configured with eproxy-xxxxx.de.goskope.com:8081 for HTTP/HTTPS, and the certificates are imported.
I have tried both Redirect Binding and POST Binding:
- Redirect Binding:
  - Browser Error:
      Status Code Mismatch Please contact your admin for assistance unkn - assert.ERR_STATUS
  - IdP Logs:
      Error verifying SAML message signature (with 1 certificate(s)) - RSA verification failed, check SP certificate
      Error(1) verifying detached signature
      Error(1) Signature verification failed for SAML Authentication Request
      Error validating Authn Request Message. Status: urn:oasis:namesSAML:2.0:status:Requester
      BIG-IP as IdP sent SAML response (Assertion) (size: 1745) with status (urn:oasis:namesSAML:2.0:status:Requester) to SP (Netskope_Forward_Proxy) for subject type (urn:oasis:namesSAML:1.1:nameid-format:emailAddress) value ()
- POST Binding:
  - Browser Behavior: Displays a blank page.
  - F5 BIG-IP IdP Logs:
      Authn Request has no SAMLRequest
      Error (12) extracting SAML Data from Request
Any help appreciated.
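
For the Redirect Binding failure ("Error(1) verifying detached signature"), a diagnostic sketch added here as an example; it is not part of the original post and is not Netskope or F5 code. In the SAML HTTP-Redirect binding the detached signature covers the raw, still percent-encoded string `SAMLRequest=...&RelayState=...&SigAlg=...` in that order, so the script takes a captured redirect URL and returns those signed bytes plus the request's Issuer, Destination and SigAlg for comparison with the IdP's SP connector settings. The hostnames, URL and Signature value in `build_sample_url()` are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")  # order fixed by the binding

def split_raw_query(url):
    """Return {name: raw value}, keeping the sender's percent-encoding untouched."""
    query = url.split("?", 1)[1].split("#", 1)[0]
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)

def signed_octets(raw):
    """Bytes the detached signature is computed over (Signature itself excluded)."""
    return "&".join(f"{k}={raw[k]}" for k in SIGNED_ORDER if k in raw).encode("ascii")

def inflate_request(raw):
    """Percent-decode, base64-decode, then raw-DEFLATE-inflate the AuthnRequest."""
    return zlib.decompress(base64.b64decode(unquote(raw["SAMLRequest"])), -15)

def summarize(url):
    """Collect the fields worth comparing against the IdP's SP configuration."""
    raw = split_raw_query(url)
    root = ET.fromstring(inflate_request(raw))
    issuer = root.find("{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return {
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "sig_alg": unquote(raw.get("SigAlg", "")),
        "has_signature": "Signature" in raw,
        "signed_octets": signed_octets(raw),
    }

def build_sample_url():
    """Constructed redirect URL; hostnames and the Signature value are placeholders."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" Destination="https://idp.example.test/sso">'
           '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    req = quote(base64.b64encode(c.compress(xml.encode()) + c.flush()), safe="")
    alg = quote("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", safe="")
    return (f"https://idp.example.test/sso?SAMLRequest={req}"
            f"&RelayState=abc%2F123&SigAlg={alg}&Signature=Q09OU1RSVUNURUQ%3D")

if __name__ == "__main__":
    for key, value in summarize(build_sample_url()).items():
        print(f"{key}: {value}")
```

Because the signature is over the raw bytes, the same parameters re-encoded differently (for example `%2f` instead of `%2F`) give different signed octets and fail verification even with the correct certificate.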