Last Modified: Sep 13, 2023
Known Affected Versions:
12.1.2, 12.1.3, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 12.1.4, 126.96.36.199, 12.1.5, 188.8.131.52, 184.108.40.206, 220.127.116.11, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Jul 21, 2017 Severity: 3-Major
When the BIG-IP as SAML IdP is configured to generate assertions larger than 32 KB, occasionally the BIG-IP system might not send the entire assertion as part of the HTTP response to the client, leaving the browser in a waiting state for the rest of the assertion to arrive.
Occasionally, APM end users will not be able to receive full SAML assertion, and therefore, authentication with SAML SP will fail.
-- The BIG-IP system is configured as SAML IdP. -- IdP is configured to include either list of (large) attributes, with assertion size exceeding 32 KB.
When applicable, reconfigure SAML attributes to reduce the size of the generated assertion, i.e., remove unnecessary attributes from the SAML configuration.
The BIG-IP system now supports generating assertions larger than 32 KB.