Last Modified: Nov 22, 2021
Opened: Jul 20, 2016 Severity: 3-Major
REST Framework polls for any changes in user every 15 seconds. When user is removed from MCP directly using tmsh or BIG-IP GUI, for REST that user will be still valid for at most 15 seconds. So any authentication tokens issued will not be invalidated and all REST API requests will work as that user remains valid until user deletion is synced.
After user deletion from MCP, tokens issued for that user will not immediately deleted from REST
This occurs when users are deleted and the user is still using iControl REST.
After user deletion, customer need to wait at most 15 seconds for change to take effect in REST API
When user is removed from REST, all tokens issued for that user is invalidated immediately. If a user is removed from MCP either using TMUI or tmsh, that change will be synced to REST after 15 seconds in the worse case.
Auth token is removed upon user deletion.