Bug ID 422194: TCP reset during multidomain SSO access policy evaluation

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
11.3.0, 11.4.0

Fixed In:
11.5.0, 11.4.0 HF3, 11.3.0 HF6

Opened: May 29, 2013

Severity: 3-Major

Related Article: K14635


BIG-IP system sends a TCP reset to a client during multidomain SSO access policy evaluation.


Client is sent a TCP reset.


The server must have multidomain SSO configured. The client must start the access policy by requesting a URI on the multidomain SSO slave, then request the same URI again while the access policy is in progress.


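Apply the following iRule to the primary virtual:

when HTTP_REQUEST {
    # Match SSO requests whose SSO_ORIG_URI value arrives as a plain https URI
    if { [HTTP::uri] starts_with "/F5Networks-SSO-Req?SSO_ORIG_URI=https" } {
        # The prefix up to and including the equals sign is 33 characters,
        # so index 33 is the start of the original URI; Base64-encode that part
        HTTP::uri "/F5Networks-SSO-Req?SSO_ORIG_URI=[b64encode [string range [HTTP::uri] 33 end]]"
    }
}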

Fix Information

Access no longer resets a TCP connection if a client requests the landing URI on the slave twice before completing an access policy.

Behavior Change
