Bug ID 1473701: Oauth Discovery task is struck at "SAVE_AND_APPLY" state

Last Modified: Jun 13, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:,, 16.1.3,,,,,, 16.1.4,,,

Opened: Jan 04, 2024

Severity: 3-Major


Initial symptoms could be one of the following: - Auto JWT discovery task stops or stalls and no reason is provided - OIDC discovery task stops discovering - Auto update of JWK fails - OAuth token does not renew - Oauth Discovery stuck at "SAVE_AND_APPLY" - OAuth Provider Discovery Task doesn't work anymore Other indications: -> Stale JWK keys will be present in the config and Authentication fails with the following error in /var/log/apm:"OAuth Scope: failed for jwt-provider-list '/Common/VPN_JWT', error: None of the configured JWK keys match the received JWT token, JWT Header: " ->restcurl -X GET tm/access/oidc/discover/ outputs the OIDC discovery task status and status will be in "SAVEANDAPPLY"


- Config will contain stale JWK keys


- jwk keys discovered from the openid well known url should be different from the existing JWK keys in the config - And mcp should fail while applying the config. We can identify that if the /var/log/restjavad does not show the " Applying access policies" log after the "Updating mcp jwt and jwk objects for provide" log


- Restart restjavad so that the discovery task starts again

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips