

Gabriel_V_13146
Mar 25, 2014

SAML Logout RelayState

Dear sirs,

 

having F5 as an IdP, the SP initiated the single logout POST /saml/idp/profile/post/sls SAMLRequest=.....&RelayState=_a962ae2d30ead40ee851570e4033084754bae7bc91

 

The response contains a correct SAMLResponse, but it doesn't contain the RelayState, and the SP complains about it (maybe even correctly). Should the SLS provide the RelayState? Can we help it somehow?

 

Thank you in advance,
Gabriel

 

5 Replies

  • gbbaus_104974
    Historic F5 Account

    You didn't mention the version of APM you are running?

    Are you using the v11.4 SLO feature?

    Also, is this affecting you? http://support.f5.com/kb/en-us/solutions/public/15000/000/sol15098.html

     

    • Gabriel_V_13146
      Thank you for the hint. :) Actually, my bad not to specify the release: Internal BIGIP-11.4.1-plus-hf2.14-build2. Our problem is an extension of the support ticket mentioned. I found out myself I have to configure the SLO response URL. But the response doesn't contain the requested relay state. Maybe someone could update / extend the ticket. :) So, apparently I cannot do much about it. Btw, IdP-initiated SLO works nicely (the hangup link); so far we will try to use that.
      Carpe diem,
      Gabriel
    • Michael_Koyfma1
      Just FYI, it looks like this RFE is being tracked as bug id 590192. While it appears it may be targeted to be fixed in version 12.1, I suggest anyone that needs this functionality open a case with F5 support and ask for it to be linked to that bug id.
  • Reading the blog http://blog.routedlogic.net/?p=480, apparently there should be a way using an iRule to store and pass the RelayState if really necessary.

     

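On the question of whether the logout response should carry the RelayState: the SAML 2.0 bindings specification requires a responder to return the exact RelayState it received with a request, and limits the value to 80 bytes. The following is an added example, not code from the thread or from F5, that compares a captured POST-binding logout request with the auto-submit form returned to the SP. The form markup, the `sp.example` URL and the SAMLRequest/SAMLResponse placeholder values are constructed; only the RelayState value is the one quoted in the question.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs

MAX_RELAYSTATE_BYTES = 80  # upper bound set by the SAML 2.0 bindings specification

class FormFields(HTMLParser):
    """Collect the name/value pairs of <input> elements in a POST-binding form."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name"):
            self.fields[attrs["name"]] = attrs.get("value") or ""

def check_relaystate_echo(request_body, response_html):
    """Return a list of problems; an empty list means RelayState was echoed correctly."""
    sent = parse_qs(request_body, keep_blank_values=True).get("RelayState")
    form = FormFields()
    form.feed(response_html)
    problems = []
    if "SAMLResponse" not in form.fields:
        problems.append("response form carries no SAMLResponse")
    if sent is None:
        return problems  # request had no RelayState, so nothing has to be echoed
    if len(sent[0].encode("utf-8")) > MAX_RELAYSTATE_BYTES:
        problems.append("request RelayState exceeds 80 bytes")
    got = form.fields.get("RelayState")
    if got is None:
        problems.append("RelayState from the request is missing in the response")
    elif got != sent[0]:
        problems.append("RelayState in the response differs from the request")
    return problems

# Constructed sample data: only the RelayState value comes from the question above.
RELAY = "_a962ae2d30ead40ee851570e4033084754bae7bc91"
REQUEST = "SAMLRequest=PGxvZ291dC1yZXF1ZXN0Lz4%3D&RelayState=" + RELAY
WITHOUT_ECHO = ('<form method="post" action="https://sp.example/slo">'
                '<input type="hidden" name="SAMLResponse" value="PGxvZ291dC1yZXNwb25zZS8+"/>'
                '</form>')
WITH_ECHO = WITHOUT_ECHO.replace(
    "</form>", '<input type="hidden" name="RelayState" value="%s"/></form>' % RELAY)

if __name__ == "__main__":
    print("without echo:", check_relaystate_echo(REQUEST, WITHOUT_ECHO))
    print("with echo:   ", check_relaystate_echo(REQUEST, WITH_ECHO))
```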