Forum Discussion
Adam_Ingle_1300
Jun 01, 2016Cirrus
APM Forms SSO Session Logout Error Page
Good day!
I am trying to get my policy to recognize when the page /Login/LogOff is being accessed. I'm using Forms Based SSO to front-end an application which is working successfully, but when the...
- Jun 01, 2016
If you change the rule to have the redirect logic in the response it will allow the backend application to receive the request and close the session there as well. This will ensure both the app and APM session are closed properly.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { set logout 0 if {[HTTP::uri]] equals "/Login/logoff"]}{set logout 1} } when HTTP_RESPONSE { if {$logout}{ log local0. "logout-request-URI: local URI [HTTP::host][HTTP::uri] redirect to /vdesk/hangup.php3" HTTP::header replace "Location" "/vdesk/hangup.php3" } }
Brad_Parker_139
Jun 01, 2016Nacreous
If you change the rule to have the redirect logic in the response it will allow the backend application to receive the request and close the session there as well. This will ensure both the app and APM session are closed properly.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
set logout 0
if {[HTTP::uri]] equals "/Login/logoff"]}{set logout 1}
}
when HTTP_RESPONSE {
if {$logout}{
log local0. "logout-request-URI: local URI [HTTP::host][HTTP::uri] redirect to /vdesk/hangup.php3"
HTTP::header replace "Location" "/vdesk/hangup.php3"
}
}
- Adam_Ingle_1300Jun 01, 2016CirrusAh. Right on, Brad. By using the HTTP_RESPONSE to replace the header, that also means the application on the back-end receives the original log off request. Without that, the APM session is torn down, but the application session is not. I've tested with this suggested iRule and I see both sessions torn down properly. Many thanks, Brad!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects