Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1, 12.1.3.2
Opened: Jun 14, 2017 Severity: 3-Major Related Article:
K25342114
Adding new SAML IdP configuration object containing empty attribute values via tmsh may cause tmm to restart.
TMM may restart when new configuration is added. Traffic disrupted while tmm restarts.
New SSO SAML configuration contains one or more attribute values containing a session variable, following by another empty value "", for example: multi-values { "%{session.ad.last.attr.name}" "" } Note: This is not a valid configuration: empty values must not be provided in the list of SAML attributes.
Remove empty attribute values from configuration.
SAML object validation has been improved so that empty SAML SSO object attribute values will no longer be accepted.