Forum Discussion

Dennis_Andrade_'s avatar
Dennis_Andrade_
Icon for Nimbostratus rankNimbostratus
Mar 31, 2015

Removing the SAML assertion from the APM session

Hi all,   I have the F5 APM 11.6 configured as the SAML idP. Configured an external SP and the login SSO is working as expected. When the user hits the logout button from the external application,...
BIG-IP Access Policy Manager (APM)
saml
security
slo
Gianrico_D_Ang1's avatar
Gianrico_D_Ang1
Historic F5 Account
Jun 26, 2015

Hi Peter

 

APM only supports SAML POST bindings for SLO messages.

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/27.htmlunique_1429343938

 

Your SP is probably using Redirect binding. You have to configure your SP to use POST binding for SLO messages.

 

Regarding where to find the SLO URI, i could actually not find it in the manual. You should open an ticket and ask for a doc update.

 

Anyway for reference:

 

APM as IDP

 

/saml/idp/profile/post/sls -> Url where the SP sends a logout req to

 

/saml/idp/profile/post/slr -> Url where an SP should respond to when it receives a logout request

 

APM as SP

 

/saml/sp/profile/post/sls -> Url where the IDP sends a logout req to

 

/saml/sp/profile/post/slr -> Url where an IDP should respond to when it receives a logout request

 

thanks

 

gianrico