Bug ID 428268: Original request to multidomain SSO requires an '=' for every parameter

Last Modified: Apr 10, 2019


Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Aug 19, 2013
Severity: 3-Major
Related AskF5 Article:
K15445

Symptoms

Some URLs might contain ampersand (&)-separated parameters. If any '&'-separated parameter is not followed by an equal sign (=), the APM system does not recognize the string as a proper query string, and the redirection from the primary virtual server back to the secondary virtual server is parsed incorrectly.

Impact

Customers will not be able to log in with URLs that include an '&' that is not followed by an '='.

Conditions

This problem occurs with multidomain SSO.

Workaround

To work around the problem, URL-encode "&" and "=" in the original URL before passing it to APM. Alternatively, follow every parameter with "=" or "=value". Both workarounds require application changes.
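One way an application could apply the second workaround before a URL reaches APM, as an added example that is not from F5 or the original page. The function names and the app.example.com URLs are constructed for illustration, and dropping empty segments (from "&&" or a trailing "&") is an assumption of this sketch.

```python
from urllib.parse import urlsplit, urlunsplit


def bare_params(url):
    """Return the '&'-separated query segments that contain no '='."""
    query = urlsplit(url).query
    return [seg for seg in query.split("&") if seg and "=" not in seg]


def add_missing_equals(url):
    """Rewrite the query so every parameter is followed by '='.

    Segments are treated as raw text, so parameter order and existing
    percent-encoding are preserved. Segments that already contain '='
    are left untouched. Empty segments are dropped (assumption).
    """
    parts = urlsplit(url)
    if not parts.query:
        return url  # nothing to normalize
    fixed = [
        seg if "=" in seg else seg + "="
        for seg in parts.query.split("&")
        if seg
    ]
    return urlunsplit(parts._replace(query="&".join(fixed)))


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the bug report.
    samples = [
        "https://app.example.com/report?debug&id=42#top",
        "https://app.example.com/s?q=a%26b&&flag&",
        "https://app.example.com/home",
    ]
    for url in samples:
        print(bare_params(url), "->", add_missing_equals(url))
```

An application that distinguishes `flag` from `flag=` needs to accept the rewritten form, which is the application change the workaround refers to.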

Fix Information

None

Behavior Change