For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

nland_178813's avatar
nland_178813
Icon for Nimbostratus rankNimbostratus
Dec 22, 2014

Session deleted due to user logout request?

Hello. I currently have SAML authentication set up, and it works well most of the time. However, I keep getting the following sporadically:

2014-12-22 13:20:35 
Received User-Agent header: Mozilla%2f5.0%20(Windows%20NT%206.1%3b%20WOW64%3b%20rv%3a31.0)%20Gecko%2f20100101%20Firefox%2f31.0.

2014-12-22 13:20:35  
Received client info - Type: Mozilla Version: 5 Platform: Win7 CPU: WOW64 UI Mode: Full Javascript Support: 1 ActiveX Support: 0 Plugin Support: 1

2014-12-22 13:20:35    
New session from client IP x.x.x.x (ST=/CC=/C=) at VIP x.x.x.x Listener /Common/SAML_SP (Reputation=Unknown)

2014-12-22 13:20:35    
\N: Session deleted due to user logout request.

2014-12-22 13:20:35    
Following rule 'fallback' from item 'SAML Auth' to ending 'Deny'

2014-12-22 13:20:35    
Access policy result: Logon_Deny

2014-12-22 13:21:16    
Session statistics - bytes in: 2036, bytes out: 818

The other thing is, if I try to authenticate directly after that, I will be able to do so successfully. I'm not sure why the session is deleted due to 'user logout request'. Any ideas as to what is happening?

BIG-IP Access Policy Manager (APM)
saml
security

6 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Dec 26, 2014

    Are you saying the BIG-IP is the IdP or the SP in this instance? (Is the application authenticating against the F5 or is the F5 authenticating against a different identity provider?)

     

    And what does your policy look like in the VPE? Doing any checks that may be failing for some reason?

     

  • Vinne73's avatar
    Vinne73
    Icon for Cirrus rankCirrus
    Sep 24, 2018

    Is there any news on this? I have the same problem.

     

    My BigIP/APM is a SAML SP. I use Shibboleth as IdP. This works 99% of the time. The other 1 procent gives errors. Browsers might show the error "Invalid nonce"

     

    What my logs show:

     

    apmd[13185]: 01490266:7: /Common/UA:UAnet:1f3c043d: ApmD.cpp: 'process_apd_request()': 1815: ** done with the request processing ** tmm[19269]: 01490501:5: /Common/UA:UAnet:1f3c043d: Session deleted due to user logout request.

     

    Which is not true, the user did not ask for a logout.

     

  • Vinne73_96575's avatar
    Vinne73_96575
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2018

    Is there any news on this? I have the same problem.

     

    My BigIP/APM is a SAML SP. I use Shibboleth as IdP. This works 99% of the time. The other 1 procent gives errors. Browsers might show the error "Invalid nonce"

     

    What my logs show:

     

    apmd[13185]: 01490266:7: /Common/UA:UAnet:1f3c043d: ApmD.cpp: 'process_apd_request()': 1815: ** done with the request processing ** tmm[19269]: 01490501:5: /Common/UA:UAnet:1f3c043d: Session deleted due to user logout request.

     

    Which is not true, the user did not ask for a logout.

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Sep 24, 2018

    Hi,

     

    Can you tell me if users that encounter this kind of behaviour use MacOS or IOS?

     

    I already encounter this kind of behviour with this users....

     

    regards,

     

    • Ford_Prefect's avatar
      Ford_Prefect
      Icon for Cirrus rankCirrus
      Feb 12, 2021

      Hi,

       

      Could you please share your experience in solving this issue as I have the same problem with iOS 13 user session. I don't even have SAML, just AD Auth user lockout loop that breakes on the second iteration with "Session deleted due to user logout request"?