Last Modified: Nov 07, 2022
Affected Product:
BIG-IP APM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2
Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1, 11.5.4 HF3
Opened: Oct 07, 2015
Severity: 3-Major
When BIG-IP is used as a SAML Service Provider and the IdP connector's Single Sign On Service URL contains an ampersand (&), part of the URL may be truncated when the user is redirected to the IdP for authentication.
The query part of the redirect URL after the ampersand is lost when the user is redirected to the SSO URL with the Authentication Request.
All conditions must be true:
- BIG-IP is used as a SAML Service Provider
- The Single Sign On Service URL property of the IdP connector contains an ampersand, e.g. https://idp.f5.com/saml/idp/profile/redirectorpost/sso?a=b&foo=bar
- The user performs SP-initiated SSO
None
The redirect URL is no longer truncated after the ampersand sign.
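To confirm an upgraded system behaves as described, the redirect captured during SP-initiated SSO can be compared against the configured Single Sign On Service URL. The sketch below is an added example, not F5 code: it builds a reference HTTP-Redirect binding URL that keeps the existing query string, and reports configured parameters missing from an observed `Location` value. The function names and the truncated sample are constructed for illustration; the exact form of the truncated URL BIG-IP emits is not given on this page.

```python
import base64
import zlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# SSO URL taken from the conditions above.
SSO_URL = "https://idp.f5.com/saml/idp/profile/redirectorpost/sso?a=b&foo=bar"


def build_redirect(sso_url, authn_request_xml, relay_state=None):
    """Reference SAML HTTP-Redirect URL: raw DEFLATE, base64, then append
    SAMLRequest to the query parameters the SSO URL already carries."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    parts = urlsplit(sso_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("SAMLRequest", base64.b64encode(deflated).decode("ascii")))
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    return urlunsplit(parts._replace(query=urlencode(params)))


def missing_params(sso_url, location):
    """Return configured (name, value) pairs absent from the observed redirect."""
    configured = parse_qsl(urlsplit(sso_url).query, keep_blank_values=True)
    observed = parse_qsl(urlsplit(location).query, keep_blank_values=True)
    return [pair for pair in configured if pair not in observed]


def decode_saml_request(location):
    """Recover the AuthnRequest XML from a redirect URL (inverse of build_redirect)."""
    value = dict(parse_qsl(urlsplit(location).query))["SAMLRequest"]
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample: a Location header lacking the part after the ampersand.
    truncated = "https://idp.f5.com/saml/idp/profile/redirectorpost/sso?a=b&SAMLRequest=AAAA"
    good = build_redirect(SSO_URL, "<samlp:AuthnRequest ID='_constructed'/>", "state1")
    print("truncated redirect is missing:", missing_params(SSO_URL, truncated))
    print("reference redirect is missing:", missing_params(SSO_URL, good))
```

Run `missing_params` with the connector's configured URL and the `Location` header from a browser trace or proxy log; an empty list means every configured parameter reached the IdP.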