Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Jul 29, 2013 Severity: 3-Major Related Article:
K15438
Multidomain SSO does not support custom ports. For multidomain SSO, redirection back to the virtual server that was used for initial session access always goes back to a standard 80/443 port. The virtual server used for initial session access must be on port 80/443. For example, suppose we set up a virtual server for https://siterequest.com:8888. Accessing this URL redirects to the primary virtual server, and login proceeds normally. Afterward, the redirect back to the initially accessed virtual server goes to https://siterequest.com on the standard 443 port.
Administrators cannot configure multidomain SSO on ports other than 80 or 443.
This occurs for multidomain SSO and nonstandard ports on the virtual server that is used for initial access.
To work around the problem, only use ports 80 and 443.
APM now supports the use of custom ports on the virtual server that is used for initial access with a multidomain SSO configuration.