Forum Discussion

Nimbostratus

Jan 07, 2014

Single Logout Request URL

We have setup the F5 APM to act as an IdP for Citrix Sharefile and have Single Sign On working. However when we create the IdP SAML and setup the external SP it created Single Logout Request and Res...

BIG-IP Access Policy Manager (APM)

single logout request

Ben_Newport_102

Nimbostratus

Mar 25, 2014

We found the same issue, but it isn't just that ShareFile doesn't support SLO its the fact that it sends to the logout URL framed which the F5 doesn't allow. We found that in some browsers we weren't actually getting logged out with MarkD's suggestion so we point it at a generic uri "/sharefile-logout" and break out the frame and then kill the session with the following iRule:

when HTTP_REQUEST { if {[HTTP::uri] equals "/sharefile-logout"} { HTTP::respond 200 content "Logging out.. " } }

when ACCESS_ACL_ALLOWED { if {[HTTP::uri] equals "/saml/sp/profile/post/sls/sharefile"} { ACCESS::session remove } }

This worked in all browsers and versions that we tested.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Single Logout Request URL

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

single slot multiple core vs multiple slot single core

Client request sent to Single server

Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC

APM/SAML Logout.

Logging of DNS Requests and Responses without a DNS license

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS