SAML logout hangs on response

Question

Hello all,
using BIG-IP v11.4.1 (Build 635.0) as a SAML IdP. Actually - we are chaining authentication between 2 IdPs. On invoking a hangup link, the user us 'hanged' on a response url (/saml/idp/profile/post/slr) with following exception in the /var/log/apm:
Sep  9 12:11:48 slot1/localhost err tmm1[8705]: 014d0002:3: SSOv2 plugin error(16) in sso/saml.c:6082
Sep  9 12:11:48 slot1/localhost err tmm2[8705]: 014d0002:3: SSOv2 plugin error(16) in sso/saml.c:6082

The posted response is a signed successful logout reply.
Any idea anyone?  We are aware there are lot of fixes up to the BIGIP 11.6, however it will take time until the client can upgrade and .. even I'm not sure it's related to any of the fixed issues.
Best regards..
     Gabriel

gabriel_v_13146 · Answer

ok - maybe it's related to the following issue fixed in 11.5
421796 SAML single logout (SLO) now succeeds when a SAML Service Provider (SP) session times out, the user logs in to the SAML SP again, and the user initiates SLO.

seems loggging out from an IdP which delegates logout to another IdP and when returning back the session is already gone (already closed)

Forum Discussion

SAML logout hangs on response

1 Reply

Recent Discussions

redirect not working

Can iRule be used to perform exception of IPI category based on Geolocation

Monitor string query

Telemetry streaming to Elasticsearch

Error while running ansible

Related Content

Hanging with DevCentral at RSA Conference 2023

Introduction of Incident Response

Configure F5 ASM Logout page

custom response page for api

FIX Message Response