IE Error with F5 URL

Question

Hi,&nbsp;
We've setup our SAP Fiori application to work over the F5.&nbsp;
With IE 11, we see the login page just fine using the external F5 URL.
However, after entering the credentials &amp; hitting the Login button, it says:&nbsp;
Logon with URL parameter not possible; logon cookie is missing&nbsp;
It simply refuses to let us in.
On browsers such as Chrome, this issue isn't observed &amp; we're able to log in just fine.&nbsp;
With IE, it appears to be passing credentials in the URL string.&nbsp;
If we use the local URL (without the F5), we do not see this problem.
Its just IE 11 + F5 together that lead to this issue.
Maybe IE has strict rules, thus forbids us from proceeding...is there an irule we're missing maybe ?&nbsp;
Please help advise...&nbsp;
Thanks a ton !
saba.&nbsp;

kai_wilke · Answer

Hi Saba,&nbsp;
its very hard to tell whats going wrong without having a look on the wire (aka. using HTTPWatch, Fiddler, etc. to see the differences). &nbsp;
But you may want to perform the standard procedure when troubleshooting broken website functionality.&nbsp;
Flush your browser cache.Unbind possible iRules which are tampering the payload or headers.Turn of HTTP-Compression on F5.Roll back any changes to the HTTP profile esp. the req/resp chunking settings.
Cheers, Kai&nbsp;

saba_007_140621 · Answer

Thank you, Kai !&nbsp;
We'll surely check up on these points.
We did try using HTTPwatch, but nothing substantial came up in the trace :(&nbsp;
Is there something different about the way IE 11 handles security...i.e. it passes the creds. in the URL string.&nbsp;
Safari, Chrome &amp; Firefox work perfectly Ok.&nbsp;
We have a setting in SAP that says: Deactivate login XSRF protection...after setting this, the Login page keeps popping up again n again...i.e. it refuses to move further.
The only difference is that now we don't see the "Logon with URL parameter not possible; logon cookie is missing" error...but the issue stays :(&nbsp;
Thanks a lot !
saba.&nbsp;

kai_wilke · Answer

Hi Saba,
I duno why your IE starts sending the form data using  (i.e. send form data as query string)... 😞
Is your IE still sending a POST request with additional querystring information, or is it now a pure GET request? 
Have you already compared the HTML/JS content for any differences using the one and another browser/access?
Does it also happen on a fresh Windows installations, without additional addons/programs? 
You may also press the F12 button in IE and check if some console errors would indicate the problem, or if your problem could be resolved by using a certain IE downlevel mode?

logon cookie is missing" error

You could also try to loosen the cookie-releated security settings, or even puting the site into a different IE security zone to narrow the issue. 
Are you using some sort of cookie encryption on your F5?

Deactivate login XSRF protection

XSRF is not an explicit browser functionality. Its more a combination of well established core functionalities. It will make sure you've visited the login site before sending login information. Basically it will track your site usage flow by using reversible but still unpredictable random query strings, form datas and cookie values etc...

about the way IE 11 handles security

Browser security is somewhat complex in these days. I've stopped catching up with all those protection mechanism many years ago... 😉
Cheers, Kai

rk553_294531 · Answer

Hi Saba,&nbsp;
I have similar issue in my environment, could you please let me know the solution.&nbsp;
Thank you in advance.&nbsp;

Forum Discussion

IE Error with F5 URL

4 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Doing mTLS Authentication per URL

url redirect

Insufficient permissions BIG-IQ login error

URL Shortener

502 Bad Gateway Error