Forum Discussion
Adam_Ingle_1300
Cirrus
CirrusAPM Forms SSO Session Logout Error Page
Good day!
I am trying to get my policy to recognize when the page /Login/LogOff is being accessed. I'm using Forms Based SSO to front-end an application which is working successfully, but when the...
If you change the rule to have the redirect logic in the response it will allow the backend application to receive the request and close the session there as well. This will ensure both the app and APM session are closed properly.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { set logout 0 if {[HTTP::uri]] equals "/Login/logoff"]}{set logout 1} } when HTTP_RESPONSE { if {$logout}{ log local0. "logout-request-URI: local URI [HTTP::host][HTTP::uri] redirect to /vdesk/hangup.php3" HTTP::header replace "Location" "/vdesk/hangup.php3" } }
Brad_ParkerCirrus
CirrusIf you change the rule to have the redirect logic in the response it will allow the backend application to receive the request and close the session there as well. This will ensure both the app and APM session are closed properly.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
set logout 0
if {[HTTP::uri]] equals "/Login/logoff"]}{set logout 1}
}
when HTTP_RESPONSE {
if {$logout}{
log local0. "logout-request-URI: local URI [HTTP::host][HTTP::uri] redirect to /vdesk/hangup.php3"
HTTP::header replace "Location" "/vdesk/hangup.php3"
}
}
Adam_Ingle_1300Cirrus
CirrusAh. Right on, Brad. By using the HTTP_RESPONSE to replace the header, that also means the application on the back-end receives the original log off request. Without that, the APM session is torn down, but the application session is not. I've tested with this suggested iRule and I see both sessions torn down properly.
Many thanks, Brad!