SteveD1979
Apr 10, 2024

Having an issue with SAML access policy routing traffic

I wanted to see if anyone could possibly help me with this. I have an access policy set up where my F5 is configured as the SP and we use an external IDP. The IDP hosts some of the application functions and we host some others, so users, without knowing, are navigating between the two. On our side, when the VIP with the access policy gets hit, I send the application side an HTTP redirect with the business function contained in the SAML assertion as part of the URI, which is how the application knows how to route. We're having an issue where sometimes, if the user clicks on a tab to go to one function, it'll just go back to the one it was on. You can see it in the URL field as well. When we check the dev tools, the SAML assertion is showing up in the payload with the correct SAML variable values, which should then redirect to the correct page, but on the F5 I wasn't even seeing the attempt. I'm wondering now if that may be because I don't have the Enable URL request logs enabled on the profile, but can anyone help with anything they think could cause this? It isn't always the same function where it fails and it isn't always the same number of attempts.

  • This just happens when the user is on a page where the function is hosted by our company and uses the back button on the browser which puts them back at the original landing page for the IDP and then picks another function we host.

    • SteveD1979

      Seems like the issue is because the back button is keeping the old session alive, but when users click the "X" that is on the webpage, it kills the session and starts a new one when another function is selected. Is there a way to kill the session when that IDP landing page gets hit, even with the back button?