Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Opened: Apr 10, 2015 Severity: 3-Major
If SWG-Transparent acts as SAML SP, then any request in background can prevent authentication process from completing. Use-case: 1. APM end user opens a site through SWG-Transparent. 2. SWG returns redirect to captive portal. 3. Captive portal acts as SP, so it produces SAML Request to IdP State after this point: - APM end user is on IdP Logon page. - APM end user's session on SP is waiting for SAML response from IdP. 4. Browser or OS do any HTTP/HTTPS request through SWG Transparent. - SAML Auth agent on SP interprets this request as SAML Response from an IdP and tries to find assertion information. It can't find assertion info and closes user's session on SP.
APM session on SP is closed unexpectedly for user
1. Configure SWG-Transparent (with Captive portal). 2. Configure a virtual server as IdP. 3. Setup SWG Captive portal as SP. 4. Go to IdP VS thru SWG. You will see IdP Logon page. Do nothing on this page. 5. Open a new browser tab/window and go to any HTTP/HTTPS site. Current session on SP will be closed.
None.
None