Bug ID 718796: IControl REST token issue after upgrade

Last Modified: Apr 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,,, 13.1.3,,

Opened: May 07, 2018
Severity: 2-Critical


When upgrading to version 13.1.0.x, sometimes a user who previously had permissions to make calls to iControl REST loses the ability to make those calls.


A previously privileged user can no longer query iControl REST. Also, some remotely authenticated users may loose access to the Network Map and Analytics view after the upgrade.


-- Upgrading to version 13.1.0.x. -- iControl REST.


You can repair the current users permissions with the following process: 1) Delete the state maintained by IControlRoleMigrationWorker and let it rerun by restarting restjavad process: # restcurl -X DELETE "shared/storage?key=shared/authz/icontrol-role-migrator" # bigstart restart restjavad. 2) Update shared/authz/roles/iControl_REST_API_User userReference list to add repro user account using PUT: # restcurl shared/authz/roles/iControl_REST_API_User > role.json # vim role.json and add { "link": "https://localhost/mgmt/shared/authz/users/[your-user-name]" } object to userReferences list # curl -u admin:admin -X PUT -d@role.json http://localhost/mgmt/shared/authz/roles/iControl_REST_API_User Now, when you create a new user, the permissions should start in a healthy state.

Fix Information


Behavior Change