Forum Discussion
OWA 2013 SSO - Client initiated form Logout
Hello All,
The issue here is that the condition on the portion below of the current irule does not match.
when HTTP_REQUEST {
set isset 0 if {
[string tolower [HTTP::uri]] starts_with "/owa" } {
if {[string tolower [HTTP::uri]] contains "logoff" } {
ACCESS::session remove
HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
"Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
.....
With Portal Access the URL gets rewritten to something like:
https:///f5-w-474736e612e6174736175746f2e6e6574$$/owa/
so the condition below does not longer match.
[string tolower [HTTP::uri]] starts_with "/owa" }
Therefore the solution I came up with was to modify that portion as per below:
if {[string tolower [HTTP::uri]] matches_regex {\/f5-w-.*\$\$\/owa.*/} } {
So far no issues for me and the logout works as expected. Hopefully it helps.
Regards,
Simon
Hi,
a better solution is to evaluate
ACCESS_ACL_ALLOWED
instead of HTTP_REQUEST
.
when ACCESS_ACL_ALLOWED {
set isset 0 if {
[string tolower [HTTP::uri]] starts_with "/owa" } {
if {[string tolower [HTTP::uri]] contains "logoff" } {
Do not remove the session within irule but redirect to /vdesk/hangup.php3
ACCESS::session remove
Redirect to relative URI and use ACCESS::respond (HTTP::respond not supported in ACCESS_ACL_ALLOWED
HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3"
ACCESS::respond 302 Location "/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
.....
ACCESS_ACL_ALLOWED is evaluated after rewrite.
if you want to use HTTP_REQUEST, scan is better than regex
if {[scan [string tolower [HTTP::uri]] {/f5-w-%[^$]$$/%[^/]} encresource baseuri] == 2 && $baseuri starts_with "owa" } {
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com