Saml Logout from IDP and redirect

Question

Hi 
I My BigIP is SP 
My Logout URI is /logout
when client request /logout 
I create a irule for logout and close APM session
when HTTP_REQUEST {             if { [string tolower [HTTP::uri]] contains "/logout" } {                 ACCESS::session remove                ACCESS::respond 302 Location "http://OtherHost.com/" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"             }    }
but after client won't connect again after 1 min it automatically connected without credentials because i think the IDP doesn't do logout POST?
how can I fix that ?

youssef1 · Answer

Hi,
try this:
when HTTP_REQUEST { 
if { [string tolower [HTTP::uri]] contains "/logout" } { 
ACCESS::respond 302 noserver Location "/vdesk/hangup.php3"
return
}
}

If you set correctly apm part (SLS and SLR) you will be redirect automaticly to your IDP in order to logout then return to app.
Keep me in touch.
Regards

Forum Discussion

Saml Logout from IDP and redirect

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

APM/SAML Logout.

Enable SAML Service Provider on F5 Distributed Cloud Application

Configure F5 ASM Logout page

SAML SLO Error

APM Cookbook: SAML IdP Chaining

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS