Bug ID 886841: Allow LDAP Query and HTTP Connector for API Protection policies

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1

Fixed In:
16.0.0, 15.1.5

Opened: Mar 03, 2020

Severity: 4-Minor

Symptoms

APM has several types of access policies for different deployment types, such as general per-request policies, OAuth policies, full webtop portal policies, and so on. One type of policy is designed for API clients, called API Protection. API Protection requests are generally authenticated by user information present in an HTTP authorization header. APM then uses this authorization header data to authenticate users against an AAA server. In addition to authentication, some deployments of API Protection also require authorization decisions to be performed against out-of-band data from external servers, typically group membership data from an external HTTP or LDAP server.

Impact

Administrators are not able to use HTTP Connector or LDAP Query in API Protection policies.

Conditions

Administrators attempt to use HTTP Connector or LDAP Query in an API Protection type access policy.

Workaround

None

Fix Information

Starting with 16.0, APM allows administrators to use HTTP Connector or LDAP Query inside of API Protection policies to make authorization decisions, greatly expanding the flexibility of APM's API Protection feature.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips