Ty_John_233282
Mar 18, 2019

How to handle multiple SAML assertions within the same APM session

Using the BIG-IP as an IdP, I have a requirement to handle multiple SAML assertions within the same session. The idea is that a user logs in from a web form first - this is the first SAML authentication. Once logged in they have the option to click on a link which seamlessly authenticates them again and takes them to another page which is essentially a completely independent application. These two "applications" do not pass information to each other so handling permissions based on a single SAML authentication is not an option (yet).

The problem is after authenticating with the second application and clicking the logout button, the logout URI we are redirected to is the first SAML SP rather than the second.

I believe this is happening because when you click logout, it doesn't know which SP ACS to use. Is there a way to force a second APM session to be generated when authenticating a second time and somehow select that session to logout of specifically?