APM SLO from external IDP and multiple local SPs at once

Hi,

 

I have the following setup on my F5 APM module:

 

• Application A. Defined as Local SP (SP_A)

   

• Application B. Defined as Local SP (SP_B)

   

• External IDP (IDP_C)

Single Sign On works perfectly fine.

 

I'm trying to achieve the following scenario, when I hit the logout page of Application A or B:

 

• Application A logout page needs to be executed to clean application specific cookie
• Application B logout page needs to be executed to clean application specific cookie
• Logout from the IDP
• APM sessions removed for Application A & B (and respective session cookies deleted)

Constraint: I cannot configure a Logout URI on my polices as the application logout URI contains request parameters which are not supported in my version of F5 APM, example: "https://app1.com/analytics/saw.dll?Logoff"

 

What is the best way to achieve this?

 

Thanks for the help.