Bug ID 426492: Multidomain SSO does not support custom ports

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jul 29, 2013
Severity: 3-Major
Related AskF5 Article:
K15438

Symptoms

Multidomain SSO does not support custom ports. For multidomain SSO, redirection back to the virtual server that was used for initial session access always goes back to a standard 80/443 port. The virtual server used for initial session access must be on port 80/443. For example, suppose we set up a virtual server for https://siterequest.com:8888. Accessing this URL redirects to the primary virtual server, and login proceeds normally. Afterward, the redirect back to the initially accessed virtual server goes to https://siterequest.com on the standard 443 port.

Impact

Administrators cannot configure multidomain SSO on ports other than 80 or 443.

Conditions

This occurs for multidomain SSO and nonstandard ports on the virtual server that is used for initial access.

Workaround

To work around the problem, only use ports 80 and 443.

Fix Information

APM now supports the use of custom ports on the virtual server that is used for initial access with a multidomain SSO configuration.

Behavior Change