Bug ID 744476: Some SSO methods may work inappropriately when using OTP Generate agent

Last Modified: Dec 13, 2019


Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
15.0.0, 15.0.1

Fixed In:
15.1.0

Opened: Sep 19, 2018
Severity: 4-Minor

Symptoms

Password-based single sign-on (SSO) methods (such as HTTP basic, NTLM, Form Based) may not work because the OTP Generate agent overwrites the session.logon.last.password session variable with the one-time password.

Impact

Some SSO methods may not work as expected.

Conditions

The access policy contains an 'OTP Generate' agent and the access profile has an assigned SSO method.

Workaround

1. Use a 'Variable Assign' agent to store the APM end user's password in a temporary session variable.
2. Use that as the source in the SSO credential mapping agent.

Fix Information

This release adds an 'OTP Source' field in the v1 (per-session) OTP verify agent.

Behavior Change