Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0
Opened: Feb 24, 2017 Severity: 3-Major
Accessing SAML Resource causes RST when Single Sign-On (SSO) on access profile contains V1 configuration (NTLM, form based).
TCP connection to the client is reset. As a result, APM end user is not able to perform IdP-initiated SAML WebSSO.
All of the following: - BIG-IP system is configured and used as SAML Identity Provider. - In-use access profile has both: 1) V1 SSL attached (NTLM, form based) and SAML resources assigned on access policy. - APM end user performs IdP-initiated SAML WebSSO by clicking published SAML resource on the webtop.
None.
Assigning V1 SSO profile on access policy no longer causes a connection reset when APM end user performs IdP-initiated SAML WebSSO by clicking published SAML resource on the webtop.