Bug ID 643457: Config load failure with connectivity resource name the same as a SAML Resource

Last Modified: Dec 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Feb 06, 2017
Severity: 3-Major

Symptoms

A SAML Resource with the same name as another connectivity resource or webtop link is allowed to be created. The other way around is not allowed. An MCP error is thrown if you try to create a connectivity resource object (ex: Portal Access) or a webtop link having the same name as a SAML Resource. The error looks similar to the following example: The connectivity resource name (/Common/<resource>) is already assigned to another connectivity resource. On saving such a configuration (SAML Resource name same as another connectivity resource or webtop link), and loading it, there is an error.

Impact

Configuration fails to load. This causes failure in licensing, upgrading and importing configurations.

Conditions

1. Create a SAML Resource with the same name as another connectivity resource or a webtop link. 2. Save sys config. 3. Load sys config.

Workaround

The workaround is to not create a SAML Resource with the same name as another connectivity resource or a webtop link.

Fix Information

Validation for SAML Resource name now checks that the name is not assigned to another connectivity resource or webtop link object. Object name must be unique among all (connectivity_resource objects and webtop link objects). Connectivity resource objects are - saml resource, portal access, app-tunnel, remote desktop, network-access. This validation is enforced in both TMUI and TMSH.

Behavior Change