Last Modified: Sep 25, 2024
Affected Product(s):
BIG-IP APM, Install/Upgrade
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3
Fixed In:
17.1.1
Opened: Mar 29, 2023 Severity: 2-Critical Related Article:
K000134865
During SAML Authentication while TMM parses the assertion to extract the attributes and its respective values, all the attributes values are combined into a single string with '|' as separator and are assigned to a single variable leaving remaining ones empty.
All the session variables related to assertion attributes are assigned and stored incorrectly. Related IDs: ID1282105 at https://cdn.f5.com/product/bugtracker/ID1282105.html ID1353021 at https://cdn.f5.com/product/bugtracker/ID1353021.html ID1354673 at https://cdn.f5.com/product/bugtracker/ID1354673.html
When the incoming attributes, in the assertion, are considered as multi-valued attributes, all the values of attributes are combined to form a single valued attribute in order to store in the SessionDB.
None
None