Bug ID 890029: After upgrading to BIG-IQ version 7.1, client certificate authentication fails

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Platform(all modules)

Opened: Mar 15, 2020

Severity: 3-Major

Symptoms

After you upgrade a BIG-IQ that has client certification authentication enabled to version 7.1, authentication fails. This happens because the corresponding web server settings are altered, causing them to be out of sync with the authentication provider settings.

Impact

User authentication to the BIG-IQ fails.

Conditions

BIG-IQ version 7.0 with client certificate authentication enabled, upgraded to version 7.1

Workaround

Before you upgrade to BIG-IQ version 7.1, disable client certificate authentication. After upgrading BIG-IQ to version 7.1, re-enable client certificate authentication. Alternatively, if you did not disable client certificate authentication before upgrading and you are unable to log in to the BIG-IQ GUI, log in to the BIG-IQ CLI and execute the following command: client-cert-auth -x This resets authentication to the factory settings, with only local authentication available, and without any external authentication providers. After running the command, log into BIG-IQ GUI as the local administrator and set up the LDAP or Active Directory authentication provider with client certificate authentication enabled.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips