Bug ID 672221: TMM cores if the certificate configured to validate message signature does not exist.

Last Modified: Dec 20, 2018

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7

Fixed In:
12.1.4

Opened: Jul 03, 2017
Severity: 2-Critical

Symptoms

TMM cores if the SAML message signature verification certificate cannot be found in the configuration.

Impact

The issue can lead to momentary service interruption. Traffic is disrupted while tmm restarts.

Conditions

-- SAML is configured with an invalid certificate in the message signature validation setting.
-- The control-plane is unable to detect such misconfiguration.

Note: This is an unlikely occurrence if the usual control-plane is used to configure the SSO/SAML object. In this particular case, the certificate-key was passed in as the certificate which triggered a certificate-not-found error.

Workaround

Make sure the certificate configured for use with the SAML message signature verification is correctly configured and the configuration loads successfully.
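A pre-load check for the misconfiguration described under Conditions (a key supplied where the certificate belongs), added here as an example and not taken from F5 or from BIG-IP tooling. It assumes the file is PEM text; the function names and the sample values are hypothetical, and it inspects only the PEM labels and DER framing, not the certificate contents.

```python
import base64
import binascii
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def classify_pem(text):
    """Return (label, der_ok) for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            der = b""
        # Certificates and keys are both DER SEQUENCEs (tag 0x30).
        blocks.append((label, der[:1] == b"\x30"))
    return blocks


def check_verification_cert(text):
    """List the reasons text cannot serve as a signature-verification cert."""
    blocks = classify_pem(text)
    problems = [] if blocks else ["no PEM block found"]
    for label, der_ok in blocks:
        if label in KEY_LABELS:
            problems.append(f"contains a private key ({label}), not a certificate")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")
        elif not der_ok:
            problems.append("CERTIFICATE block is not valid base64 DER")
    if blocks and not any(lbl == "CERTIFICATE" and ok for lbl, ok in blocks):
        problems.append("no usable CERTIFICATE block")
    return problems


def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder body (SEQUENCE { INTEGER 0 }), not real key material.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_CERT = _pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_KEY = _pem("RSA PRIVATE KEY", SAMPLE_DER)
```

An empty list from `check_verification_cert` means the file at least has the shape of a certificate; it does not replace confirming that the configuration loads successfully.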

Fix Information

None

Behavior Change