Bug ID 828761: APM OAuth - Auth Server attached iRule works inconsistently

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.2

Fixed In:
17.0.0, 16.1.2.1, 15.1.5, 14.1.4.5

Opened: Sep 18, 2019

Severity: 3-Major

Symptoms

The iRule attached to the OAuth Resource Server (RS) is not triggered when the traffic hits the virtual server.

Impact

OAuth scope check agent fails with 'HTTP error 503': as the iRule attached to the RS virtual server is not triggered.

Conditions

The issue occurs during a reboot of the BIG-IP device containing an OAuth server config and an attached iRule, or when the iRule is initially assigned to the OAuth Server.

Workaround

For existing OAuth servers with the iRule attached, modify the iRule, for example, adding a log. This makes the iRule trigger when it is initially attached or loaded.

Fix Information

The iRule is triggered when a request comes to the OAuth RS virtual server.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips