Bug ID 422194: TCP reset during multidomain SSO access policy evaluation

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.3.0, 11.4.0

Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF6

Opened: May 29, 2013
Severity: 3-Major
Related Article:
K14635

Symptoms

BIG-IP system sends a TCP reset to a client during multidomain SSO access policy evaluation.

Impact

Client is sent a TCP reset.

Conditions

Server must have multidomain SSO configured. Client must start access policy by requesting URI on multidomain SSO slave, then request this URI again while access policy is in progress.

Workaround

Apply the following iRule to the primary virtual: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/F5Networks-SSO-Req?SSO_ORIG_URI=https" } { HTTP::uri "/F5Networks-SSO-Req?SSO_ORIG_URI=[b64encode [string range [HTTP::uri] 33 end]]" } }

Fix Information

Access no longer resets a TCP connection if a client requests the landing URI on the slave twice before completing an access policy.

Behavior Change