Forum Discussion
Marvin_129795
Nimbostratus
NimbostratusSAML SLO response data destination modification needed
I have the following requirement to modify the SAML response data in particular the SLO destination. The goal here is to finalize the end user session on both the SP mywebsite, IDP1 and IDP2 (this is...
Marvin
Cirrocumulus
Cirrocumuluswhen CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST
{
set query [URI::query [HTTP::uri]]
if { [HTTP::uri] contains "saml/idp/profile/post/sls" and [string tolower [HTTP::query]] contains "referer inserted by IDP2"} {
log local0. "second logout from IDP requested from IP [IP::client_addr] URI [HTTP::uri] query [HTTP::query]"
return
}
if { [HTTP::uri] contains "saml/idp/profile/post/sls" } {
log local0. "logout requested from IP [IP::client_addr] URI [HTTP::uri] query [HTTP::query]"
HTTP::respond 307 Location "https://IDP2/logmeout"
log local0. "SLO from SP detected and redirected"
}
else {
return
}
}