Bug ID 837781: Per-request policy using Client-Initiated Form-based SSO cannot access the resource, and configured as SAML-IdP, fails to process SAML Requests/Responses.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Opened: Oct 11, 2019

Severity: 3-Major

Symptoms

When the BIG-IP system contains a per-request policy and is deployed to use Client-Initiated Form-based SSO for a resource, you cannot access the resource. When the BIG-IP system is deployed as SAML-IdP, it fails to process SAML Requests/Responses.

Impact

For BIG-IP systems deployed with Client-Initiated Form-based SSO on a resource, you cannot access the resource. For BIG-IP systems deployed as SAML IdP, SAML functionality does not work.

Conditions

This occurs only when per-request policy is also associated in the BIG-IP virtual server.

Workaround

Do not configure the per-request policy in the virtual server.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips