Bug ID 926973: APM / OAuth issue with larger JWT validation

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.5

Opened: Jul 14, 2020

Severity: 3-Major

Symptoms

When the access profile type is OAuth-RS or ALL, and sends a request with a Bearer token longer than 4080 bytes in the Authorization header to the virtual server, OAuth fails with ERR_NOT_SUPPORTED.

Impact

APM oauth fails with ERR_NOT_SUPPORTED.

Conditions

Bearer token longer than 4080 bytes

Workaround

None.

Fix Information

OAuth can now handle bearer tokens longer than 4080 bytes.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips