Forum Discussion
SAML: F5 as SP, Azure as IdP Problems with SLO
- Aug 29, 2022
Have you seen the guide below as it is saying the SLO url
/saml/sp/profile/redirect/slo ?
------
From TMOS v16 the SAML SLO endpoint has changed to
./saml/sp/profile/redirect/slo
----------
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/f5-big-ip-header-advanced
this is exactly the info i was looking for, thanks!
The only problem is that we are still on 15 and can not go to 16 because there is a bug with the OneConnect profile that f5 can not / will not solve but we hope for the next 17er release
Still you can try to follow the Microsoft guide even for 15.1.x or 16.1.x (upgrade to the latest ones) as you have configured the correct old loggout URL. F5 and Microsoft have great integrations and they are partners so SLO should work with Azure as you see even Microsoft has guide for F5 APM. If needed open cases to F5 and Microsoft if the guide does not help as per Microsoft Azure Guide the Azure SLO should work with F5 APM.
---------------
Service Provider settings for SLO
Redirect Binding URLs for SLO:
- Settings for SP Single Logout Request:
https://idp.hostname.com/saml/idp/profile/redirect/sls
- Settings for SP Single Logout Response:
https://idp.hostname.com/saml/idp/profile/redirect/slr
POST Binding URLs for SLO:- Settings for SP Single Logout Request:
https://idp.hostname.com/saml/idp/profile/post/sls- Settings for SP Single Logout Response:
https://idp.hostname.com/saml/idp/profile/post/slr--------------
Overview of the SAML Single Logout (SLO) URLs (f5.com)
- Settings for SP Single Logout Response:
- Settings for SP Single Logout Request:
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com