Forum Discussion
jk20004
Cirrus
CirrusSAML: F5 as SP, Azure as IdP Problems with SLO
We use the F5 as SAML SP and Azure as SAML IdP. The SSO part runs well only the SLO makes problems. When i use the ResponseLocation url (/saml/sp/profile/redirect/slr) from the metadata XML for the...
Have you seen the guide below as it is saying the SLO url
/saml/sp/profile/redirect/slo ?------
From TMOS v16 the SAML SLO endpoint has changed to
./saml/sp/profile/redirect/slo----------
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/f5-big-ip-header-advanced
jk20004Cirrus
Cirrusthe necessary error messages are already visible in the log and we have already successful decoded the assertion.
The problem is that Azure does not have a SLO url for request and one for response.
an attempt to correct the request url also fails because F5 additionally looks at the url in the assertion and to correct that we only found the way to use iRuleLX but there we have no experience also in terms of performance and interaction. (SLO at Azure only works with the Assertion in the url as parameter and there compress is used)
Nikoolayy1
MVP
MVPHave you seen the guide below as it is saying the SLO url
/saml/sp/profile/redirect/slo ?
------
From TMOS v16 the SAML SLO endpoint has changed to
/saml/sp/profile/redirect/slo----------
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/f5-big-ip-header-advanced