Forum Discussion

kimhenriksen's avatar
kimhenriksen
Icon for Cirrocumulus rankCirrocumulus
Feb 23, 2026

apm logout uri not working with javascript...

I have a problem with a apm protected app that wont logout.  The apm has an external idp using saml, it doesnt use a landing page or anything. Just a saml idp. When you logout from the app it uses ...
application delivery
BIG-IP Access Policy Manager (APM)
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for MVP rankMVP
Feb 23, 2026

Have you tried to put loggout uri in "Logout URI Include" setting inside APM policy?

kimhenriksen's avatar
kimhenriksen
Icon for Cirrocumulus rankCirrocumulus
Feb 23, 2026

yes, and also a tried a access::session remove irule that triggers on a specific uri.

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for MVP rankMVP
    Feb 23, 2026

    So APM session does terminated but IDP remains right?

    • kimhenriksen's avatar
      kimhenriksen
      Icon for Cirrocumulus rankCirrocumulus
      Feb 23, 2026

      I´d say neither of them get terminated, as the javascript just sends it´s GET /uri and doesnt follow through with the POST saml slo url..

      • Injeyan_Kostas's avatar
        Injeyan_Kostas
        Icon for MVP rankMVP
        Feb 23, 2026

        i rule with "access::session remove" should terminate the APM session
        are you sure it doesn't?

        for actual solution you should somehow trigger browser redirect
        have not test it but something like this might work

        when HTTP_REQUEST {
    if { [string tolower [HTTP::path]] eq "/logout" } {
        set html {<!doctype html>
<html>
<head><meta charset="utf-8"><title>Logging out...</title></head>
<body>
<script>
  window.location.replace("/my.logout.php3");
</script>
</body>
</html>}

        HTTP::respond 200 content $html "Content-Type" "text/html" "Cache-Control" "no-store"
    }
}