Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Feb 06, 2017 Severity: 3-Major
A SAML Resource with the same name as another connectivity resource or webtop link is allowed to be created. The other way around is not allowed. An MCP error is thrown if you try to create a connectivity resource object (ex: Portal Access) or a webtop link having the same name as a SAML Resource. The error looks similar to the following example: The connectivity resource name (/Common/<resource>) is already assigned to another connectivity resource. On saving such a configuration (SAML Resource name same as another connectivity resource or webtop link), and loading it, there is an error.
Configuration fails to load. This causes failure in licensing, upgrading and importing configurations.
1. Create a SAML Resource with the same name as another connectivity resource or a webtop link. 2. Save sys config. 3. Load sys config.
The workaround is to not create a SAML Resource with the same name as another connectivity resource or a webtop link.
Validation for SAML Resource name now checks that the name is not assigned to another connectivity resource or webtop link object. Object name must be unique among all (connectivity_resource objects and webtop link objects). Connectivity resource objects are - saml resource, portal access, app-tunnel, remote desktop, network-access. This validation is enforced in both TMUI and TMSH.