Forum Discussion
CirrusSAML: F5 as SP, Azure as IdP Problems with SLO
Have you seen the guide below as it is saying the SLO url
/saml/sp/profile/redirect/slo ?------
From TMOS v16 the SAML SLO endpoint has changed to
./saml/sp/profile/redirect/slo----------
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/f5-big-ip-header-advanced
Cirrusthis is exactly the info i was looking for, thanks!
The only problem is that we are still on 15 and can not go to 16 because there is a bug with the OneConnect profile that f5 can not / will not solve but we hope for the next 17er release
MVPStill you can try to follow the Microsoft guide even for 15.1.x or 16.1.x (upgrade to the latest ones) as you have configured the correct old loggout URL. F5 and Microsoft have great integrations and they are partners so SLO should work with Azure as you see even Microsoft has guide for F5 APM. If needed open cases to F5 and Microsoft if the guide does not help as per Microsoft Azure Guide the Azure SLO should work with F5 APM.
---------------
Service Provider settings for SLO
Redirect Binding URLs for SLO:
- Settings for SP Single Logout Request:
https://idp.hostname.com/saml/idp/profile/redirect/sls
- Settings for SP Single Logout Response:
https://idp.hostname.com/saml/idp/profile/redirect/slr
POST Binding URLs for SLO:- Settings for SP Single Logout Request:
https://idp.hostname.com/saml/idp/profile/post/sls- Settings for SP Single Logout Response:
https://idp.hostname.com/saml/idp/profile/post/slr--------------
Overview of the SAML Single Logout (SLO) URLs (f5.com)
- Settings for SP Single Logout Response:
- Settings for SP Single Logout Request:
