Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.3.0, 11.4.0
Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF6
Opened: May 29, 2013 Severity: 3-Major Related Article:
K14635
BIG-IP system sends a TCP reset to a client during multidomain SSO access policy evaluation.
Client is sent a TCP reset.
Server must have multidomain SSO configured. Client must start access policy by requesting URI on multidomain SSO slave, then request this URI again while access policy is in progress.
Apply the following iRule to the primary virtual: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/F5Networks-SSO-Req?SSO_ORIG_URI=https" } { HTTP::uri "/F5Networks-SSO-Req?SSO_ORIG_URI=[b64encode [string range [HTTP::uri] 33 end]]" } }
Access no longer resets a TCP connection if a client requests the landing URI on the slave twice before completing an access policy.