Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2
Fixed In:
13.0.0, 12.1.2 HF1
Opened: Oct 27, 2016 Severity: 3-Major
POST body sent by Edge Client is not saved in the session db session variable by access hudfilter.
SAML Agent will now fail with the following error: SAML Agent: <AgentNameHere> cannot find assertion information in SAML request
- Configure BIG-IP as SAML Service Provider. To simplify reproduction change Access Policy execution timeout to few seconds. - Use Edge Client to connect to BIG-IP. - Saml Agent will redirect user for authentication to IdP - Wait for few seconds for access policy to time out on BIG-IP. - Enter credentials/complete authentication on IdP - User will be redirected back to BIG-IP as SP. At this moment APM will create a new session, and will evaluate access policy again.
Removing the ‘Origin’ header from the request with iRule does fix the issue, and the POST body becomes available to access hudfilter.
Check for receipt of HUDEVT_REQUEST_DONE before falling through from EV_ACCESS_TCL_COMPLETION to EV_ACCESS_REQUEST_DONE in client wait for request body to ensure proper storage of POST request body in sessiondb.