Last Modified: May 14, 2019
See more info
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4
Opened: Nov 02, 2015
Related AskF5 Article: K88973987
Under certain conditions, SSO plugin can overrun memory not owned by the plugin. Symptoms could be different based on the owner of overrun memory.
Symptoms might differ based on the owner of overrun memory. Potentially, tmm could restart as a result of this issue.
This occurs when the following conditions are met: 1. The BIG-IP system is configured and used as SAML Identity Provider. 2. Single Logout (SLO) protocol is configured on an attached SP connector. 3. At least one user executed SAML WebSSO profile.
Disable SAML SLO: remove SLO request and SLO response URLs from configuration in appropriate SAML SP connectors.
SSO plugin no longer overruns memory not owned by the plugin, so the system supports the following configuration without memory issues: The BIG-IP system is configured and used as a SAML Identity Provider. Single Logout (SLO) protocol is configured on the attached Service Provider (SP) connector. At least one user executed SAML webSSO profile.