Bug ID 440910: With cross-domain option enabled, group cache and PSO cache might be overwritten by sub domain

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1

Opened: Dec 17, 2013
Severity: 3-Major

Symptoms

In releases before 11.5.0 there is an issue with AD group/PSO caches implementation. a cache is created for every agent, and there is only one cache per-agent. If user resides in a trusted domain and cross-domain option is enabled, a cache may be re-initialized with groups from the trusted domain.

Impact

Logon delays caused by unnecessary cache updates

Conditions

Cross-domain option is enabled, user belongs to a trusted domain

Workaround

None

Fix Information

None

Behavior Change