Bug ID 718796: IControl REST token issue after upgrade

Last Modified: Apr 01, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 16.0.0,, 16.0.1,

Opened: May 07, 2018
Severity: 2-Critical


When upgrading to version 13.1.0.x or later, users who previously had permissions to make calls to iControl REST lose the ability to make those calls.


A previously privileged user can no longer query iControl REST. In addition, some remotely authenticated users may lose access to the Network Map and Analytics view after the upgrade.


-- Upgrading to version 13.1.0.x or later. -- Using iControl REST.


You can repair the current users permissions with the following process: 1) Delete the state maintained by IControlRoleMigrationWorker and let it rerun by restarting restjavad process: # restcurl -X DELETE "shared/storage?key=shared/authz/icontrol-role-migrator" # bigstart restart restjavad. 2) Update shared/authz/roles/iControl_REST_API_User userReference list to add all affected users' accounts using PUT: # restcurl shared/authz/roles/iControl_REST_API_User > role.json # vim role.json and add { "link": "https://localhost/mgmt/shared/authz/users/[your-user-name]" } object to userReferences list # curl -u admin:admin -X PUT -d@role.json http://localhost/mgmt/shared/authz/roles/iControl_REST_API_User Now, when you create a new user, the permissions should start in a healthy state.

Fix Information


Behavior Change