Saml Logout from IDP and redirect

Question

Hi 
I My BigIP is SP 
My Logout URI is /logout
when client request /logout 
I create a irule for logout and close APM session
when HTTP_REQUEST {             if { [string tolower [HTTP::uri]] contains "/logout" } {                 ACCESS::session remove                ACCESS::respond 302 Location "http://OtherHost.com/" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"             }    }
but after client won't connect again after 1 min it automatically connected without credentials because i think the IDP doesn't do logout POST?
how can I fix that ?

youssef1 · Answer

Hi,
try this:
when HTTP_REQUEST { 
if { [string tolower [HTTP::uri]] contains "/logout" } { 
ACCESS::respond 302 noserver Location "/vdesk/hangup.php3"
return
}
}

If you set correctly apm part (SLS and SLR) you will be redirect automaticly to your IDP in order to logout then return to app.
Keep me in touch.
Regards

Forum Discussion

Saml Logout from IDP and redirect

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

F5 HTTPS Redirect 2025

APM/SAML Logout.

We Heard You! R35 Brings Frictionless OIDC Logout and Richer Claims to NGINX Plus

SAML - LTM in front of SP

Enable SAML Service Provider on F5 Distributed Cloud Application

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS