Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP APM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3
Fixed In:
12.0.0, 11.6.0 HF4, 11.4.1 HF9
Opened: Sep 27, 2013
Severity: 3-Major
Related Article:
K15407
If the RelayState parameter includes HTML and XHTML special characters, then BIG-IP as IdP or BIG-IP as SP does not process them correctly, and does not send complete RelayState value to the Peer.
SAML integration may not work properly with other products when configured RelayState parameter includes special characters.
Using special characters
To use reserved characters in HTML (",',&,<,>) as part of SAML RelaySate, convert them to their HTML entities (", ', &, <, >).
When the BIG-IP system is configured as a SAML Identity Provider (IdP) or Service Provider (SP), it now URL encodes (or decodes, as applicable) the RelayState parameter.