Bug ID 744476: Some SSO methods may work inappropriately when using OTP Generate agent

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.0.0, 15.0.1,,,,

Fixed In:

Opened: Sep 19, 2018
Severity: 4-Minor


Password-based single sign-on (SSO) methods (such as HTTP basic, NTLM, Form Based) may not work because the OTP Generate agent overwrites the session.logon.last.password session variable with the one-time password.


Some SSO methods may not work as expected.


Access policy contains 'OTP Generate' agent and the Access Profile has an assigned SSO method.


1. Use a 'Variable Assign' agent to store the APM end user's password in a temporary session variable. 2. Use that as the source in the SSO credential mapping agent.

Fix Information

This release adds an 'OTP Source' field in the v1 (per-session) OTP verify agent.

Behavior Change