Forum Discussion

JOSECCZ_261067's avatar
JOSECCZ_261067
Icon for Nimbostratus rankNimbostratus
May 20, 2016

SSO logout process with f5

We are using a salesforce application that uses f5 as SSO IDP. Every time a user logs out it gets the next error messsage from https://hsc-idp-camino.health.unm.edu/saml/idp/profile/post/sls

 

The requested file was not found on the server. Please contact system administrator!

 

Question 1: How can we do to change the content of this message?

 

Question 2: We might like to redirect to another webpage instead of showing this message. How can this be done?

 

Thanks in advance Jose C. Cabrera Zuniga

 

BIG-IP
BIG-IP Access Policy Manager (APM)
cloud

8 Replies

  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    May 21, 2016

    Hi,

     

    Looks like, The Single Logout is missing on your idp.

     

    Did you configure it in your IDP profile on F5 ?

     

    • JOSECCZ_261067's avatar
      JOSECCZ_261067
      Icon for Nimbostratus rankNimbostratus
      May 23, 2016
      SLO is configured on the IdP but it may not be configured correctly. The configuration that is in place on the IdP… SLO Request URL: blank SLO Response URL: https://hsc-idp-camino.health.unm.edu/saml/idp/profile/post/slr …is able to end the sessions both in the F5 and in SF when the user logs out of SF. However, it also results in the error that you are seeing. The information in the SF Single Sign-On Implementation Guide (Winter '16), "Start, Login, and Logout URL Values" and "Customize SAML Start, Error, Login, and Logout Pages" sections are not clear as to how to configure the Identity Provider Logout URL and the Custom Error URL fields in the SF SAML SSO Settings configuration page Can you please give us more details about how to do this configuration? Thanks
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      May 23, 2016
      The following is the url of the SLO request : https://hsc-idp-camino.health.unm.edu/saml/idp/profile/post/sls
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      May 23, 2016
      Are you sure that you are using the same binding method on both SP and IDP : POST or REDIRECT ?
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    May 21, 2016

    Hi,

     

    Looks like, The Single Logout is missing on your idp.

     

    Did you configure it in your IDP profile on F5 ?

     

    • JOSECCZ_261067's avatar
      JOSECCZ_261067
      Icon for Nimbostratus rankNimbostratus
      May 23, 2016
      SLO is configured on the IdP but it may not be configured correctly. The configuration that is in place on the IdP… SLO Request URL: blank SLO Response URL: https://hsc-idp-camino.health.unm.edu/saml/idp/profile/post/slr …is able to end the sessions both in the F5 and in SF when the user logs out of SF. However, it also results in the error that you are seeing. The information in the SF Single Sign-On Implementation Guide (Winter '16), "Start, Login, and Logout URL Values" and "Customize SAML Start, Error, Login, and Logout Pages" sections are not clear as to how to configure the Identity Provider Logout URL and the Custom Error URL fields in the SF SAML SSO Settings configuration page Can you please give us more details about how to do this configuration? Thanks
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      May 23, 2016
      The following is the url of the SLO request : https://hsc-idp-camino.health.unm.edu/saml/idp/profile/post/sls
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      May 23, 2016
      Are you sure that you are using the same binding method on both SP and IDP : POST or REDIRECT ?