Forum Discussion
F5 APM SAML SLO not working MRH cookie not send
We have the F5 configured as IDP and an external SAAS application as the SP and SAML SSO is working. The problem is that when logging out using SAML SLO the SP does not include the MRH cookie and for that reason the F5 IDP does not close the session.
We see that the SP also includes the <SessionIndex>_58f5f881d2dda657f0789666e886ef92253ecb</SessionIndex> identifier so we are thinking perhaps we can use that to find the MRH session value on the F5 and close the session.
We also undestand that this could be solved on the external SAAS app but changing that behavior would be a painfull process.
Anyone knows how to retreive the MRH session id by searching the SessionIndex value on the F5 IDP?
- Giridharan_2650
Nimbostratus
Nir Zigler, Thanks for your response . Test cases in the following OWASP link were tried against the managed WAF rules and it was not getting blocked (https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)) . Do we have any reference to the attack patterns that the rule set covers
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com