Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4
Fixed In:
11.5.1 HF5, 11.4.1 HF6, 11.4.0 HF8
Opened: Dec 11, 2013 Severity: 3-Major Related Article:
K14928
When the BIG-IP system is configured as a SAML Service Provider (SP), APD can crash if the IdP connector object that is used specifies a single logout URL. A crash occurs only when the SP receives a SAML assertion that does not include a SessionIndex attribute in the AuthnStatement element.
APD crashes, SAML authentication fails.
1. IdP sends Assertion without SessionIndex element in AuthnStatement. 2. IdP connector on BIG-IP has single-logout-url specified (not empty).
To work around the problem: 1. Reconfigure IdP to send Assertion with SessionIndex attribute in AuthnStatement element, or 2. Clear single-logout-url in IdP connector object on the BIG-IP system.
None