Bug ID 456714: When BIG-IP configured as SAML SP, APD may traceback under certain conditions.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.2 HF1, 11.4.0, 11.4.1

Fixed In:
11.5.1 HF5, 11.4.1 HF6, 11.4.0 HF8

Opened: Apr 10, 2014

Severity: 2-Critical

Related Article: K15626

Symptoms

When BIG-IP is configured as a Service Provider (SP) and Single Logout (SLO) is configured, the apd service crashes when received Assertion does not contain SessionIndex.

Impact

APD service restarts

Conditions

BIG-IP is configured as SP. SessionIndex attribute is missing from SAML Assertion and SLO is configured as part of SAML IdP Connector.

Workaround

Delete SLO configuration from IdP Connector

Fix Information

Fixed for cases when Assertion does not contain SessionIndex and SLO is configured.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips