Bug ID 625474: POST request body is not saved in session variable by access when request is sent using edge client

Last Modified: Nov 14, 2022

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Oct 27, 2016

Severity: 3-Major

Symptoms

The POST body sent by Edge Client is not saved in the session db session variable by the access hudfilter.

Impact

The SAML Agent fails with the following error: SAML Agent: <AgentNameHere> cannot find assertion information in SAML request

Conditions

- Configure BIG-IP as a SAML Service Provider. To simplify reproduction, change the Access Policy execution timeout to a few seconds.
- Use Edge Client to connect to BIG-IP.
- The SAML Agent will redirect the user to the IdP for authentication.
- Wait a few seconds for the access policy to time out on BIG-IP.
- Enter credentials/complete authentication on the IdP.
- The user will be redirected back to BIG-IP as SP. At this moment APM will create a new session and will evaluate the access policy again.

Workaround

Removing the ‘Origin’ header from the request with an iRule fixes the issue, and the POST body becomes available to the access hudfilter.

Fix Information

Check for receipt of HUDEVT_REQUEST_DONE before falling through from EV_ACCESS_TCL_COMPLETION to EV_ACCESS_REQUEST_DONE in client wait for request body to ensure proper storage of POST request body in sessiondb.

Behavior Change
