Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.2 HF1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.1 HF1, 11.5.1 HF6
Opened: Sep 17, 2014 Severity: 3-Major Related Article:
K60459898
When APM is configured with multi-domain SSO, and an unauthenticated user opens multiple tabs simultaneously to different protected domains, then one of the tabs will be issued an error page indicating authentication is in progress. That page offers a link to reset the session and begin a fresh authentication sequence. Clicking on the link will result in the same error page being presented.
The user will be unable to establish a session until the session itself has expired or the browser is restarted.
APM is configured with multi-domain SSO, and an unauthenticated user opens multiple tabs simultaneously to different protected domains, and then follows the link to reset the session.
This issue has no workaround at this time.
The errant behavior is caused by an improper URL being presented by the error page. When APM checks the improper URL, it causes it to issue the same error page. This has now been corrected.