Authentication via Azure AD blocked by Access policy
Hi,
Device:
Virtual Edition.
BIG-IP 14.1.0.6 Build 0.0.9 Point Release 6
I have published my site behind F5, and because of some security reason I want to make authentication through Azure AD.
I have configured both F5 and Azure also.
Authentication via Azure works, but then I receive "Access was denied by the access policy."
And here are details why it was blocked:
Log Message
/Common/SSO_AAD.app/SSO_AAD:Common:12243713: SAML Agent: /Common/SSO_AAD.app/SSO_AAD_saml_auth_ag failed to process signed assertion, error: RSA decrypt
Partition
Common
I checked old discussion and there were som bug, but it was very old version, so I guess it does not affect my F5.
Do you have any idea, what should be the issue ?
Thank you
Hi,
It could be that cert automatically imported as part of metadata causing issues.
Can you try manually importing the cert and specify it in the external Idp connector.
I refereed to the following to answer your question.
Regards,
Nag