Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.4.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2, 11.4.1 HF9
Opened: Dec 09, 2014 Severity: 3-Major Related Article:
K39768154
Logon page is not displayed correctly when 'force password change' is on for local users.
Although it is correct behavior to require an initial password change and to require a logon after changing the password, the expected first page is a one-time password-change request, instead of the same change-password change page displayed twice.
When more than one logon page is configured in the Access policy, and the administrator sets 'Force Password Change' in the local user account database.
The current workaround is to add 'Variable Assign' agent in the LocalDB Auth Successful branch with a custom variable, for example: session.logon.page.challenge = expr { 0 }.
The system now shows the correct logon page after the successful password change.