Bug ID 456714: When BIG-IP configured as SAML SP, APD may traceback under certain conditions.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4

Fixed In:
11.5.1 HF5, 11.4.1 HF6, 11.4.0 HF8

Opened: Apr 10, 2014
Severity: 2-Critical
Related AskF5 Article:
K15626

Symptoms

When BIG-IP is configured as a Service Provider (SP) and Single Logout (SLO) is configured, the apd service crashes when received Assertion does not contain SessionIndex.

Impact

APD service restarts

Conditions

BIG-IP is configured as SP. SessionIndex attribute is missing from SAML Assertion and SLO is configured as part of SAML IdP Connector.

Workaround

Delete SLO configuration from IdP Connector

Fix Information

Fixed for cases when Assertion does not contain SessionIndex and SLO is configured.

Behavior Change