Bug ID 479715: Multi-tab protection problems with multi-domain SSO

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1

Fixed In:
12.0.0, 11.6.1 HF1, 11.5.1 HF6

Opened: Sep 17, 2014
Severity: 3-Major
Related AskF5 Article:
K60459898

Symptoms

When APM is configured with multi-domain SSO, and an unauthenticated user opens multiple tabs simultaneously to different protected domains, then one of the tabs will be issued an error page indicating authentication is in progress. That page offers a link to reset the session and begin a fresh authentication sequence. Clicking on the link will result in the same error page being presented.

Impact

The user will be unable to establish a session until the session itself has expired or the browser is restarted.

Conditions

APM is configured with multi-domain SSO, and an unauthenticated user opens multiple tabs simultaneously to different protected domains, and then follows the link to reset the session.

Workaround

This issue has no workaround at this time.

Fix Information

The errant behavior is caused by an improper URL being presented by the error page. When APM checks the improper URL, it causes it to issue the same error page. This has now been corrected.

Behavior Change