Closed pwhitef5 closed 2 years ago
Hi, I've added this to our internal backlog as MYSTIQUE-528 for investigation.
I have looked into this further and found the issue - after retrieving the auth token it then uses PATCH and tries to change the timeout value to be 123456789 secs. However, this is more than the maximum timeout, which is 36000 secs. You can test this yourself with Postman by trying to patch a token with a timeout greater than 36000 secs (36000 gives a 200 OK, 36001 gives a 406 error with message "Auth-token absolute timeout (36000 seconds) exceeded: 36001 seconds").
The reason why this leads to the GUI crashing is that it immediately loops on any error which is not 404, so there are 45K+ PATCH requests sent by the browser, which consume all of the resources and cause the GUI crash.
Seems like a simple fix to me - change the timeout to 36000 instead of 123456789. Maybe improve failure handling as well, i.e. don't just infinite loop.
As a workaround, you can edit the file /var/config/rest/iapps/f5-appsvcs-templates/presentation/bundle.js and set if(o.token&&o.timeout>1200) to be if(o.token&&o.timeout<1200)
The 12346789 value is coming from your System -> Preferences :: Idle Time Before Automatic Logout setting. Values between 20 and 2147483647 can be used but, as a workaround, you can change the value to 36000 until this is fixed in the next release.
Closing. This issue was resolved with Release 1.15.0.
Environment
Summary
When connecting to the FAST GUI, shortly after the FAST Templates page is loaded the GUI crashes, i.e. the swirl comes up, the BIG-IP disconnect message comes up and it eventually reconnects. Lots, i.e. thousands, of console messages of "Failed to load resource: net::ERR_INSUFFICIENT_RESOURCES" and "Failed to load resource: the server responded with a status of 406 (Not Acceptable)" pointing at /mgmt/shared/authz/tokens. These mention the PATCH method and this seems to be related to trying to renew the authz token. When I click on the authz link in the console and go to the REST endpoint myself (using GET, obviously) then I can see the token is present. If I perform a PATCH to update the timeout using Postman, it accepts this with 200 OK.
This is an F5 internal VE which has only LTM provisioned and medium management.
This also happens when in Incognito browser mode, and is the same in both Chrome (96.0.4664.110) and MS Edge.
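
The thread above suggests two changes: never request more than the 36000-second maximum, and do not loop on every non-404 error. The sketch below is an added example of that handling, not code from bundle.js or from the FAST project. The function names, the patchTimeout and sleep callbacks, and the retry constants are assumptions.

```javascript
// Added example: names and retry constants are assumptions, not from bundle.js.
const MAX_TOKEN_TIMEOUT = 36000; // absolute maximum quoted in the 406 message
const MAX_ATTEMPTS = 5;          // assumed retry budget
const BASE_DELAY_MS = 500;       // assumed backoff base
const MAX_DELAY_MS = 30000;      // assumed backoff ceiling

// Cap the requested value at what the token endpoint accepts, whatever the
// idle-logout preference is set to. Invalid input is rejected, not defaulted.
function clampTimeout(requestedSeconds) {
  const n = Math.floor(Number(requestedSeconds));
  if (!Number.isFinite(n) || n <= 0) {
    throw new RangeError('invalid timeout: ' + requestedSeconds);
  }
  return Math.min(n, MAX_TOKEN_TIMEOUT);
}

// Decide what to do after one response. Status 0 stands for a network error.
function decide(status, attempt) {
  if (status >= 200 && status < 300) return { action: 'done', delayMs: 0 };
  // A 4xx (including the 406 in this issue) fails identically on resend.
  if (status >= 400 && status < 500) return { action: 'give_up', delayMs: 0 };
  if (attempt >= MAX_ATTEMPTS) return { action: 'give_up', delayMs: 0 };
  // Transient failure: exponential backoff with a ceiling.
  const delayMs = Math.min(BASE_DELAY_MS * 2 ** (attempt - 1), MAX_DELAY_MS);
  return { action: 'retry', delayMs };
}

// patchTimeout(seconds) is a caller-supplied function that sends the PATCH
// and resolves to the HTTP status; sleep(ms) resolves after ms milliseconds.
async function renewToken(patchTimeout, requestedSeconds, sleep) {
  const seconds = clampTimeout(requestedSeconds);
  for (let attempt = 1; ; attempt++) {
    let status;
    try {
      status = await patchTimeout(seconds);
    } catch (e) {
      status = 0; // treat a rejected request as a network error
    }
    const step = decide(status, attempt);
    if (step.action === 'done') return { ok: true, seconds, attempts: attempt };
    if (step.action === 'give_up') return { ok: false, status, attempts: attempt };
    await sleep(step.delayMs);
  }
}
```

With this policy a server that always answers 406 receives one PATCH, and a server that is down receives at most five.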