Bug ID 846737: Cannot create RADIUS users and user groups when not logged in as admin user

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IQ Platform(all modules)

Known Affected Versions:
7.0.0, 7.0.0.1, 7.0.0.2

Opened: Nov 07, 2019
Severity: 3-Major

Symptoms

Non-admin users will get a gateway timeout (504 error) when trying to create a user-group for RADIUS users.

Impact

RADIUS users and user groups cannot log in to BIG-IQ.

Conditions

Administrator user other than the local user "admin", trying to create RADIUS users and user groups.

Workaround

Run the following commands on the BIG-IQ CM: ######################### START ############################### cd /var/config/rest/metadata/ for file in $(ls *providers.radius.radius*json ) ; do cp ${file}{,.org} ; done # replacing cm.system.authn.providers.radius.radiusproviderstate.json echo 'ewogICJ1cmlQYXRoIjogIi9jbS9zeXN0ZW0vYXV0aG4vcHJvdmlkZXJzL3JhZGl1cyIsCiAgIml0ZW1LaW5kIjogImNtOnN5c3RlbTphdXRobjpwcm92aWRlcnM6cmFkaXVzOnJhZGl1c3Byb3ZpZGVyc3RhdGUiLAogICJjb2xsZWN0aW9uS2luZCI6ICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czpyYWRpdXNwcm92aWRlcmNvbGxlY3Rpb25zdGF0ZSIsCiAgIm1vZHVsZSI6ICJzeXN0ZW0iLAogICJjYXRlZ29yeSI6ICJjb2xsZWN0aW9uIiwKICAic3ViY29sbGVjdGlvbnMiOiBbCiAgICB7CiAgICAgICJzdWJjb2xsZWN0aW9uSXRlbUtpbmQiOiAiY206c3lzdGVtOmF1dGhuOnByb3ZpZGVyczpyYWRpdXM6YXV0aHByb3ZpZGVybG9naW5zdGF0ZSIsCiAgICAgICJ1cmlTdWZmaXgiOiAibG9naW4iCiAgICB9LAogICAgewogICAgICAic3ViY29sbGVjdGlvbkl0ZW1LaW5kIjogImNtOnN5c3RlbTphdXRobjpwcm92aWRlcnM6cmFkaXVzOnJhZGl1c3Byb3ZpZGVydXNlcnN0YXRlIiwKICAgICAgInVyaVN1ZmZpeCI6ICJ1c2VycyIKICAgIH0sCiAgICB7CiAgICAgICJzdWJjb2xsZWN0aW9uSXRlbUtpbmQiOiAiY206c3lzdGVtOmF1dGhuOnByb3ZpZGVyczpyYWRpdXM6cmFkaXVzdXNlcmdyb3Vwc3RhdGUiLAogICAgICAidXJpU3VmZml4IjogInVzZXItZ3JvdXBzIgogICAgfQogIF0sCiAgImphdmFEYXRhIjogewogICAgImphckZpbGUiOiAiZjUucmVzdC5qYXIiLAogICAgInBsYXRmb3JtcyI6IFsKICAgICAgewogICAgICAgICJuYW1lIjogIkFOWSIsCiAgICAgICAgIndvcmtlckNsYXNzIjogImNvbS5mNS5yZXN0LndvcmtlcnMuYXV0aG4ucHJvdmlkZXJzLnJhZGl1cy5SYWRpdXNQcm92aWRlckNvbGxlY3Rpb25Xb3JrZXIiCiAgICAgIH0KICAgIF0sCiAgICAic3RhdGVDbGFzcyI6ICJjb20uZjUucmVzdC53b3JrZXJzLmF1dGhuLnByb3ZpZGVycy5yYWRpdXMuUmFkaXVzUHJvdmlkZXJTdGF0ZSIsCiAgICAiY29sbGVjdGlvblN0YXRlQ2xhc3MiOiAiY29tLmY1LnJlc3Qud29ya2Vycy5hdXRobi5wcm92aWRlcnMucmFkaXVzLlJhZGl1c1Byb3ZpZGVyQ29sbGVjdGlvblN0YXRlIiwKICAgICJzdGFydGVkQnlMb2FkZXJXb3JrZXIiOiB0cnVlCiAgfSwKICAic3BlY2lhbFByb3BlcnRpZXMiOiB7CiAgICAic2VjdXJlQXR0cmlidXRlcyI6IFsKICAgICAgImVuY3J5cHRlZFNlY3JldCIKICAgIF0KICB9LAogICJyYmFjIjogewogICAgImFjdGlvbnMiOiBbXSwKICAgICJpc1B1YmxpYyI6IHRydWUsCiAgICAiY29sbGVjdGlvbkdyYW51bGFyaXR5IjogZmFsc2UKICB9LAogICJkaXNwbGF5TmFtZXMiOiB7CiAgICAic2luZ3VsYXIiOiAiUkFESVVTIFByb3ZpZGVyIiwKICAgICJwbHVyYWwiOiAiUkFESVVTIFByb3ZpZGVycyIKICB9LAogICJzdG9yYWdlIjogewogICAgImdsb2JhbFNlYXJjaCI6IHRydWUsCiAgICAiaXNQZXJzaXN0ZWQiOiB0cnVlLAogICAgImNvbGxlY3Rpb24iOiAiYmlnaXFMaXZlT2JqZWN0cyIKICB9LAogICJyZWxhdGVkS2luZHMiOiB7CiAgICAiaW5kaXJlY3QiOiB7CiAgICAgICJmb3J3YXJkIjogWwogICAgICAgICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czphdXRocHJvdmlkZXJsb2dpbnN0YXRlIiwKICAgICAgICAiY206c3lzdGVtOmF1dGhuOnByb3ZpZGVyczpyYWRpdXM6cmFkaXVzcHJvdmlkZXJ1c2Vyc3RhdGUiLAogICAgICAgICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czpyYWRpdXN1c2VyZ3JvdXBzdGF0ZSIKICAgICAgXQogICAgfQogIH0KfQo=' | base64 -d > cm.system.authn.providers.radius.radiusproviderstate.json # replacing cm.system.authn.providers.radius.radiusprovideruserstate.json echo 'ewogICJ1cmlQYXRoIjogIi9jbS9zeXN0ZW0vYXV0aG4vcHJvdmlkZXJzL3JhZGl1cy8qL3VzZXJzIiwKICAiaXRlbUtpbmQiOiAiY206c3lzdGVtOmF1dGhuOnByb3ZpZGVyczpyYWRpdXM6cmFkaXVzcHJvdmlkZXJ1c2Vyc3RhdGUiLAogICJjb2xsZWN0aW9uS2luZCI6ICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czpyYWRpdXNwcm92aWRlcnVzZXJjb2xsZWN0aW9uc3RhdGUiLAogICJtb2R1bGUiOiAic3lzdGVtIiwKICAiY2F0ZWdvcnkiOiAiY29sbGVjdGlvbiIsCiAgInBhcmVudEl0ZW1LaW5kIjogImNtOnN5c3RlbTphdXRobjpwcm92aWRlcnM6cmFkaXVzOnJhZGl1c3Byb3ZpZGVyc3RhdGUiLAogICJqYXZhRGF0YSI6IHsKICAgICJqYXJGaWxlIjogImY1LnJlc3QuamFyIiwKICAgICJwbGF0Zm9ybXMiOiBbCiAgICAgIHsKICAgICAgICAibmFtZSI6ICJBTlkiLAogICAgICAgICJ3b3JrZXJDbGFzcyI6ICJjb20uZjUucmVzdC53b3JrZXJzLmF1dGhuLnByb3ZpZGVycy5BdXRoUHJvdmlkZXJVc2VyQ29sbGVjdGlvbldvcmtlciIKICAgICAgfQogICAgXSwKICAgICJzdGFydGVkQnlMb2FkZXJXb3JrZXIiOiBmYWxzZQogIH0sCiAgInJiYWMiOiB7CiAgICAiYWN0aW9ucyI6IFtdLAogICAgImlzUHVibGljIjogdHJ1ZSwKICAgICJjb2xsZWN0aW9uR3JhbnVsYXJpdHkiOiBmYWxzZQogIH0sCiAgImRpc3BsYXlOYW1lcyI6IHsKICAgICJzaW5ndWxhciI6ICJSQURJVVMgVXNlciIsCiAgICAicGx1cmFsIjogIlJBRElVUyBVc2VycyIKICB9LAogICJzdG9yYWdlIjogewogICAgImlzUGVyc2lzdGVkIjogdHJ1ZSwKICAgICJnbG9iYWxTZWFyY2giOiBmYWxzZSwKICAgICJjb2xsZWN0aW9uIjogImJpZ2lxTGl2ZU9iamVjdHMiCiAgfSwKICAicmVsYXRlZEtpbmRzIjogewogICAgImluZGlyZWN0IjogewogICAgICAiYmFja3dhcmQiOiBbCiAgICAgICAgImNtOnN5c3RlbTphdXRobjpwcm92aWRlcnM6cmFkaXVzOnJhZGl1c3Byb3ZpZGVyc3RhdGUiCiAgICAgIF0KICAgIH0KICB9Cn0K' | base64 -d > cm.system.authn.providers.radius.radiusprovideruserstate.json # replacing cm.system.authn.providers.radius.radiususergroupstate.json echo 'ewogICJ1cmlQYXRoIjogIi9jbS9zeXN0ZW0vYXV0aG4vcHJvdmlkZXJzL3JhZGl1cy8qL3VzZXItZ3JvdXBzIiwKICAiaXRlbUtpbmQiOiAiY206c3lzdGVtOmF1dGhuOnByb3ZpZGVyczpyYWRpdXM6cmFkaXVzdXNlcmdyb3Vwc3RhdGUiLAogICJjb2xsZWN0aW9uS2luZCI6ICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czpyYWRpdXN1c2VyZ3JvdXBzY29sbGVjdGlvbnN0YXRlIiwKICAibW9kdWxlIjogInN5c3RlbSIsCiAgImNhdGVnb3J5IjogImNvbGxlY3Rpb24iLAogICJwYXJlbnRJdGVtS2luZCI6ICJjbTpzeXN0ZW06YXV0aG46cHJvdmlkZXJzOnJhZGl1czpyYWRpdXNwcm92aWRlcnN0YXRlIiwKICAiamF2YURhdGEiOiB7CiAgICAiamFyRmlsZSI6ICJmNS5yZXN0LmphciIsCiAgICAicGxhdGZvcm1zIjogWwogICAgICB7CiAgICAgICAgIm5hbWUiOiAiQU5ZIiwKICAgICAgICAid29ya2VyQ2xhc3MiOiAiY29tLmY1LnJlc3Qud29ya2Vycy5hdXRobi5wcm92aWRlcnMuQXV0aFByb3ZpZGVyVXNlckdyb3VwQ29sbGVjdGlvbldvcmtlciIKICAgICAgfQogICAgXSwKICAgICJzdGFydGVkQnlMb2FkZXJXb3JrZXIiOiBmYWxzZQogIH0sCiAgInJiYWMiOiB7CiAgICAiYWN0aW9ucyI6IFtdLAogICAgImlzUHVibGljIjogdHJ1ZSwKICAgICJjb2xsZWN0aW9uR3JhbnVsYXJpdHkiOiBmYWxzZQogIH0sCiAgImRpc3BsYXlOYW1lcyI6IHsKICAgICJzaW5ndWxhciI6ICJSQURJVVMgVXNlciBHcm91cCIKICB9LAogICJzdG9yYWdlIjogewogICAgImlzUGVyc2lzdGVkIjogdHJ1ZSwKICAgICJnbG9iYWxTZWFyY2giOiBmYWxzZSwKICAgICJjb2xsZWN0aW9uIjogImJpZ2lxTGl2ZU9iamVjdHMiCiAgfSwKICAicmVsYXRlZEtpbmRzIjogewogICAgImluZGlyZWN0IjogewogICAgICAiYmFja3dhcmQiOiBbCiAgICAgICAgImNtOnN5c3RlbTphdXRobjpwcm92aWRlcnM6cmFkaXVzOnJhZGl1c3Byb3ZpZGVyc3RhdGUiCiAgICAgIF0KICAgIH0KICB9Cn0K' | base64 -d > cm.system.authn.providers.radius.radiususergroupstate.json ###################### END ######################################## To confirm that the files were modified, you can run the following: for file in $(ls *providers.radius.radius*json ) ; do echo $file ; diff ${file}.org $file ; done | md5sum The expected output is: e2dd5729c5bd96c4fd48e9b73d4f88cc If you don't get the exact same md5sum, something went wrong... please restore the original files: for file in $(ls *.org) ; do orgfile=$(echo $file | sed -e 's/.org//g') ; \mv $file $orgfile ; done if you got the same md5sum, you can restart restjavad to load the new metadata: bigstart restart restjavad ;

Fix Information

None

Behavior Change