Bug ID 837781: Per-request policy using Client-Initiated Form-based SSO cannot access the resource, and configured as SAML-IdP, fails to process SAML Requests/Responses.

Last Modified: Oct 27, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4

Opened: Oct 11, 2019
Severity: 3-Major

Symptoms

When the BIG-IP system contains a per-request policy and is deployed to use Client-Initiated Form-based SSO for a resource, you cannot access the resource. When the BIG-IP system is deployed as SAML-IdP, it fails to process SAML Requests/Responses.

Impact

For BIG-IP systems deployed with Client-Initiated Form-based SSO on a resource, you cannot access the resource. For BIG-IP systems deployed as SAML IdP, SAML functionality does not work.

Conditions

This occurs only when per-request policy is also associated in the BIG-IP virtual server.

Workaround

Do not configure the per-request policy in the virtual server.

Fix Information

None

Behavior Change