Forum Discussion

fabiblack_18546's avatar
fabiblack_18546
Icon for Nimbostratus rankNimbostratus
Feb 05, 2015

Race Condition in SSO Logon Page

Hey there,

I have a big problem with one of our ASPX Web Apps and the F5 SSO. I cant get it to work properly, i have 3 possible outcomes that happen at random and I don't know how to solve this mess...

Case1: User types Credentials into Logon Page-> 2 URL Changes and everything works as intended.

Case2: User types Credentials into Logon Page-> 2 URL Changes and the User gets a Blank Screen, if he now Refreshes the Page, he will be loged in and it will work fine.

Case3: User types Credentials into Logon Page-> 1 URL Change and the User is presented with the ASPX Form.

As for my Configuration I mostly took Table15 from https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-sso-config-11-2-0/3.html and changed it to my needs.

The JavaScript injection looks as follow(EXTRA):

WebForm_DoPostBackWithOptions(new WebForm_DoPostBackWithOptions("LoginVariable","",true,"","",false,false));
__f5form.enctype = 'application/x-www-form-urlencoded'; 
__f5form.encoding = 'application/x-www-form-urlencoded';

Is there anything I can do to fix this? This Random Race Condition is driving me crazy...

2 Replies

  • Forms2 SSO has many issues. The one that I have encountered is that it fails to properly perform HTTP re-chunking causing corrupted content to be sent to the client.

    I use the following irules to selectively force re-chunking for requests that use Forms2 SSO. Alternatively, you could change the HTTP profile to rechunk ALL content. But that might not be suitable if you have multiple applications running under a single VS.

    when ACCESS_ACL_ALLOWED {
        switch -glob [HTTP::uri] {
            "/app1/*" {
                set sso_config /Common/APP1-SSOFormsV2
                WEBSSO::select $sso_config
                unset sso_config
                set rechunk_required 1
            }
        }
    }
    
    when HTTP_RESPONSE {
         Fix for Case C1746889 and Bug 383341
         This is needed for when Forms SSO V2 interferes with HTTP Chunking under the "Selective" mode of the HTTP Profile
        if { [info exists rechunk_required] } {
            if { [HTTP::header exists "Transfer-encoding"] } {
                HTTP::payload rechunk
            }
            unset rechunk_required
        }
    }
    

    I would also suggest that you are certain Forms based SSO will not work in your situation.

  • Unfortunately I get the same behaviour with the Irule applied and/or enabling rechunking. When i rechunk too much(Request Chunking), i get a page error.