Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2 HF1, 11.6.1 HF2
Opened: Sep 30, 2016 Severity: 3-Major
With SSO logs set to 'Debug' in Access log configuration, the following log messages are seen in '/var/log/apm': Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: constructor Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: webssoContext constructor ... Sep 30 12:46:17 BIG-IP3900mgmt err websso.3[14520]: 014d0005:3: Unsupported SSO Method Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: ctx: 0x914b510, SERVER: TMEVT_REQUEST Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: ctx: 0x914a718, CLIENT: TMEVT_ABORT_PROXY Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: webssoContext destructor ... Sep 30 12:46:17 BIG-IP3900mgmt debug websso.3[14520]: 014d0001:7: webssoConfig destructor With 'rstcause' enabled, the following log message is seen in '/var/log/ltm': Sep 30 12:46:17 BIG-IP3900mgmt err tmm2[13116]: 01230140:3: RST sent from 172.17.90.92:57611 to 127.0.0.1:10001, [0x24ccbbc:820] Internal error (APM::WEBSSO requested abort (Unsupported SSO Method))
client receives a HTTP 503 reset
HTTP::disable followed by HTTP::enable. when CLIENT_ACCEPTED { HTTP::disable // do some other stuff HTTP::enable }
When the access profile is added to the virtual server, the websso plugin profile is automatically added. Manually removing the websso plugin fixes this bug.
The server-side access hudfilter was mistakenly enabling the websso plugin. The logic has been updated so that this does not happen.