Forum Discussion
SAML SLO Error
- Mar 16, 2020
Seems like the IDP didnt understood "ResponseLocation". The Reponse was sent to Location rather than ResponseLocation, this is something BIGIP does default:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/sls" ResponseLocation="https://<bigip>/saml/sp/profile/post/slr">
Temporarily i made an irule that makes an 307 response from /saml/sp/profile/post/sls to /saml/sp/profile/post/slr instead.
Waiting for the IDP to update bigips metadata with only:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/slr">
Could this cause any trouble?
Seems like the IDP didnt understood "ResponseLocation". The Reponse was sent to Location rather than ResponseLocation, this is something BIGIP does default:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/sls" ResponseLocation="https://<bigip>/saml/sp/profile/post/slr">
Temporarily i made an irule that makes an 307 response from /saml/sp/profile/post/sls to /saml/sp/profile/post/slr instead.
Waiting for the IDP to update bigips metadata with only:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/slr">
Could this cause any trouble?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com