Bug ID 1113661: When OAuth profile is attached to access policy, iRule event in VPE breaks the evaluation

Last Modified: Jul 18, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 17.0.0, 17.0.0.1, 17.0.0.2

Fixed In:
17.1.0, 16.1.4

Opened: Jun 11, 2022

Severity: 3-Major

Symptoms

After upgrading to 16.1.2.1, the OAuth configuration does not work anymore. Based on the below observations, an internal redirect to /renderer/agent_irule_event_form.eui is initiated but it is not processed, so the ACCESS_POLICY_AGENT_EVENT event is never fired. Observations: Following are the results from in-house troubleshooting: Test 1: Access Policy evaluation works with a standard Access Profile, clientless mode set with iRule, and an iRule event. Test 2: Access Policy evaluation fails with a standard Access Profile but an OAuth profile attached to access policy (clientless mode to be set automatically) and an iRule event.

Impact

ACCESS_POLICY_AGENT_EVENT event is never fired

Conditions

As soon as the iRule event is removed from VPE in Test 2, the access policy evaluation works fine.

Workaround

None

Fix Information

Pass on the packet to the upper hudfilter handles.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips