Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
17.1.1, 16.1.5, 15.1.9
Opened: Sep 07, 2022
Severity: 3-Major
When RSA auth is used together with an AD query, the Negotiate login page checkbox "Do not change password" does not work as expected. Even though "Do not change password" is checked, the AD query receives the F5_challenge POST parameter containing the OTP content from the earlier RSA auth agent, and the PSO criteria are not met. When the user then clicks "logon", the page states 'The domain password change operation failed. Your new password must be more complex to meet domain password complexity requirements' and prompts for the "New password" and "verify password" fields again.
User readability/experience: even though "Do not change password" is checked, the page prompts as if the user had entered the logon credentials.
RSA Auth with OTP is used along with an AD query agent and the Negotiate logon page.
If you click on "logon" again in the Negotiate page, it goes to the webtop (next agent) with the previous logon or last logon credentials.
None