Last Modified: Jun 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Fixed In:
17.5.1
Opened: Feb 16, 2022 Severity: 3-Major
SSO Bearer authorization fails.
Fails to read new token from request and forwards old token in session variables to backend pool after validation.
APM PRP is configured with just an OAuth Scope and SSO Bearer attached to PSP.
1. Configure a PSP of type 'OAuth-RS' a. Add OAuth Scope b. Add Variable assign with following expression apm policy agent variable-assign /Common/RStype_AP_act_variable_assign_ag { variables { { expression "mcget {session.oauth.client.last.access_token}" secure true varname session.oauth.client./Common/oauth-aad-server.access_token } } } 2. Configure PRP with Gating Criteria (As per your setup) a. Add a Variable-Assign inside SBR (subroutine) apm policy agent variable-assign /Common/empty_act_variable_assign_ag { variables { { expression "mcget -secure {subsession.oauth.client.last.access_token}" secure true varname session.oauth.client./Common/oauth-aad-server.access_token } } }
N/A