Bug ID 679898: When two BIG-IP virtual servers are configured with multi-domain SSO, under certain conditions you might encounter HTTP redirect loop.

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5

Fixed In:
14.0.0

Opened: Aug 23, 2017
Severity: 3-Major

Symptoms

After successful authentication on the primary auth virtual server, and successful redirect to the application virtual server, when you click the back button on the web browser, the system re-requests the multi-domain auth URL. This might result in an HTTP redirect loop.

Impact

Possible HTTP redirect loop.

Conditions

-- The BIG-IP system is configured with the multi-domain authentication service for the web applications sitting behind virtual servers configured for LTM-plus-APM. -- The APM multi-domain authentication service is configured with an access policy that does not contain a webtop. -- A 'Primary Authentication URI' virtual server does not have an LTM pool assigned to it.

Workaround

None.

Fix Information

A client redirect loop that occurred with APM multi-domain SSO configurations has been corrected.

Behavior Change