Forum Discussion
Eric_Raff_11012
Feb 25, 2015Nimbostratus
SharePoint and SAML Single Log Out
I have an APM Policy doing SAML authN client side (APM is the SAML service provider) and Kerberos AuthN server side. All working well there. Dealing with Single Log Out and I want both the APM sessio...
Eric_Raff_11012
Feb 25, 2015Nimbostratus
Hmm, it does not like the ACCESS:: commands as part of the HTTP_REQUEST. I get this error?: [command is not valid in current event context (HTTP_REQUEST)][ACCESS::respond 302 Location "https://[HTTP::host]" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"] Will look around to see what I can find. I get your suggesting to use the APM ACCESS:: commands to kill the session then redirect. Thanks
- mikeshimkus_111Feb 25, 2015Historic F5 AccountRight, copied and pasted that from elsewhere. ACCESS::session remove should work, but you could try HTTP::respond instead of ACCESS::respond.
- Eric_Raff_11012Feb 25, 2015NimbostratusRight HTTP::respond worked but still have a couple issues. 1) it is not performing SAML Single Log Out, and as a result when I get the APM session killed, and 2) when I get redirected back to the HTTP::host, APM initiates a new SAML request and the IdP still has a session for me so it does not appear as the user was ever logged out as indeed they were not logged out from the IdP. That is what I like about the redirect to /my.logout.php3 that piece took care of the SAML Logout for me. So it is not quite as simple as killing the APM session then redirecting to the desired HOST in my use case. Need to have the SAML Single Log Out piece in there as well. Need a Redirect to /my.logout.php3 and then another redirect to the initial host somehow. Thanks
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects