Bug ID 430496: Custom HTTP headers added by Oracle Access Manager (OAM) server is missing from the message intended for the backend web application server, when the request contain an embedded AJAX code to load another protected resource

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4, 11.3.0 HF9

Opened: Sep 12, 2013

Severity: 2-Critical

Related Article: K15786

Symptoms

Custom HTTP headers added by Oracle Access Manager (OAM) server is missing from the message intended for the backend web application server, when the request contain an embedded AJAX code to load another protected resource

Impact

Custom HTTP header not added.

Conditions

This issue appears only if the protected resource contains an embedded code to generate request for another protected resource.

Workaround

None

Fix Information

OAM did not add custom HTTP header for requests forwarded to backend server that were generated by embedded code inside an HTTP resource. This fix will ensure that custom HTTP header is added to all requests forwarded to backend server.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips