Bug ID 738330: /mgmt/toc endpoint issue after configuring remote authentication

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3

Fixed In:
15.1.0, 15.0.1.4, 14.1.2.5, 13.1.3.5

Opened: Jul 25, 2018
Severity: 3-Major

Symptoms

'Invalid username or password.' error on the /mgmt/toc page after configuring remote authentication.

Impact

Cannot configure remote authentication. After configuring remote authentication, you can login to the mgmt/toc area with the admin user, but using a remote auth user ended up with 'You are not authorized to use this resource'.

Conditions

When remote auth is configured.

Workaround

On BIG-IP versions since 14.1.0.6 and 13.1.1.5: Enable 'Fallback to Local' in the remote auth config section on the BIG-IP system: tmsh modify auth source fallback true. Both local BIG-IP user 'admin' and LDAP user are now able to authenticate and access https://XX.XX.XX.XX/mgmt/toc. On other versions of BIG-IP software, there is no workaround.

Fix Information

When source type is set to a remote auth method, login now succeeds. If the remote server is unavailable, authentication now falls back to local authentication, if authentication source fallback is set to true.

Behavior Change

This release allows fallback to local authentication. When the authentication source type is set to a remote authentication source, if the remote server is unavailable, authentication now falls back to local authentication, if authentication source fallback is set to true.