APM SAML SLO not appending query parameters properly

Hello,

I'm running TMOS version 13.1.1.4 as SAML IdP for Wordpress SSO.

Wordpress SSO is done with the OneLogin plugin

Our issue is the following :

When the user request a logout from the wordpress website, a Single LogOut ( SLO ) request is sent by the SP (aka Wordpress website ) to the IdP ( F5 ).

The user session is deleted from the APM session table. ( Great ! )

However, when redirecting the user to the logout URI of wordpress, there's the following issue :

URI expected by Wordpress : /wp-login.php?saml_sls=logout&SAMLResponse=<SAML-sessionID>

URI sent by the BIG-IP to Wordpress : /wp-login.php?saml_sls=logout?SAMLResponse=<SAML-sessionID>

The F5 is sending SLO query parameters using the ? symbol instead of the & symbol.

This breaks the SLO parser of OneLogin and thus prevent the user to be logged out of Wordpress.

I've tried fixing this issue with a LTM Strean Profile but that didn't work.

Any idea on how to fix this ?

Also, I've heard that BIG-IP version 14 will fix a lot of SAML issues. True of false ?

Forum Discussion

APM SAML SLO not appending query parameters properly

Recent Discussions

Diameter iRules attachment?

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Related Content

Sync-failover group doesn't sync properly

Brute Force protection for single parameter like OTP

iRule [string range...] not chunking data properly

Wildcard Parameter signature attack

Parameter Value - Regular Expression

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS