Forum Discussion

Nimbostratus

Apr 05, 2019

SAML SLO response data destination modification needed

I have the following requirement to modify the SAML response data in particular the SLO destination. The goal here is to finalize the end user session on both the SP mywebsite, IDP1 and IDP2 (this is...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrocumulus

Apr 10, 2019

I created the following Irule on IDP1 to detect the SLO request, bypassing the local IDP from processing the SLO request and forwarding it to IDP2/logmeout. The POST SLO request is being received at the IDP2 and again being redirected back to IDP1, before that I insert the referer header as the query to be able to differentiate the request and guess what it is working, BUT because of the ACCESS::restrict_irule_events disable the IDP1 is not processing the SLO request to be able to send the SAML SLO response back to the SP.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SAML SLO response data destination modification needed

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

Introduction of Incident Response

Destination address at F5

Snippet #3: LineRate and Response Header Modification

F5 NGINX API Gateway: Simplify Response Manipulation

Block destination IP by source IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS