For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marfex's avatar
Marfex
Icon for Nimbostratus rankNimbostratus
Oct 01, 2018

SAML SP Close session after redirect to IDP

Hello all!   I have an F5 configured as SP for an external IDP vendor. Under certain VPE conditions (after the client has authenticated with SAML), the user may hit a Redirect Ending with the opti...
BIG-IP Access Policy Manager (APM)
security
Marfex's avatar
Marfex
Icon for Nimbostratus rankNimbostratus
Mar 13, 2020

If someone get this issue. The F5 is able to close the session because it saw a logout hit ... even if the IDP do not confirm the logout (independent of POST or Redirect).

 

In my case, the IDP had a certificate matching problem asertions for logout. After they fix that, everything worked out.