Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1
Fixed In:
13.1.0, 12.1.3.2
Opened: May 04, 2017 Severity: 3-Major
Symptom will show as an error log in /var/log/apm similar to the one below: Internal error processing sso config /Common/idp_obj_name sso_tmconf_string_parse_list When this error message is logged, subsequent authentication attempt using this BIG-IP as IdP object will fail.
Authentication will fail for users using affected SAML IdP object.
SAML Identity Provider configuration is invalid: attribute contains empty value(s), for example: apm sso saml /Common/idp_obj { attributes { { multi-values { "" user@f5.com } name User.Email } }
Manually edit bigip.conf configuration fail and remove empty value(s) in SAML attribute, e.g.: apm sso saml /Common/idp_obj { attributes { { multi-values { user@f5.com } name User.Email } }
Empty values in SAML attributes will no longer be accepted by validation logic.