Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Fixed In:
17.1.2
Opened: Jan 09, 2023 Severity: 3-Major
Symptoms:
APM WebSSO decrypts the id_token incorrectly when the OIDC id_token is larger than ~5 MB. The generated token can be this large when the user belongs to many groups.
Impact:
Access to applications fails because the access token is processed incorrectly.
Conditions:
1) Configure BIG-IP as an OAuth client and resource server, with Azure AD as the authorization server.
2) Configure Azure AD such that it sends a large token.
Access policy: Start -> OAuth Client -> Scope -> Allow
3) Create an OAuth bearer SSO in "passthrough" mode that sends the token on a 4xx response.
4) Attach the SSO to the access policy.
5) Attach the access policy to the virtual server.
Workaround:
None
Fix Information:
Decryption handling now supports data larger than the previous limit, so users can access applications.
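As an added triage helper (not F5 code and not part of this bug entry): a Python function that decodes an id_token's payload without verifying it, reports the token's encoded size and group-claim count, and flags whether it exceeds a configurable byte limit, which helps decide whether a deployment's tokens approach the size that triggers this bug. The `groups` claim name, the issuer placeholder and the unsigned `alg=none` sample token are assumptions used only for the constructed test data.

```python
import base64
import json
import uuid


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWT encoding strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def inspect_id_token(token: str, limit_bytes: int) -> dict:
    """Return size and group-claim statistics for a compact-serialized JWT.

    The signature is NOT verified; this is a size/claim triage helper only,
    never an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    payload = json.loads(b64url_decode(parts[1]))
    groups = payload.get("groups", [])  # claim name is an assumption
    if not isinstance(groups, list):
        raise ValueError("'groups' claim is not an array")
    size = len(token.encode("ascii"))
    return {
        "token_bytes": size,
        "group_count": len(groups),
        "exceeds_limit": size > limit_bytes,
    }


def make_sample_token(group_count: int) -> str:
    """Build a constructed, unsigned (alg=none) token with N deterministic group GUIDs.

    Test data only; real Azure AD id_tokens are signed and must be verified.
    """
    header = {"alg": "none", "typ": "JWT"}
    payload = {
        "iss": "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0",
        "sub": "user",
        "groups": [str(uuid.UUID(int=i)) for i in range(group_count)],
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    return ".".join([b64url_encode(compact(header)), b64url_encode(compact(payload)), ""])
```

Run `inspect_id_token(real_token, limit_bytes)` against a token captured from your own test user to see how close group membership pushes its size toward the limit.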