Forum Discussion
When SSO Fails - Redirect user to logon page
Hey everyone!
I’m having some issues with retriggering the clients to the initial APM logon page based on failed SSO logon. There is supposed to be a variable that triggers when SSO fails and I’m seeing it in my sessiondump based upon my SSO profile but the session variable defined in the following article: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/24.html is never set.
It should be the following variable: session.logon.last.username.sso.state
On my BIG-IP I have the following SSO State variable set:
In our case this is not a Kerberos SSO and perhaps that is necessary to trigger the state variable (we use Client Initiated Form Based SSO).
What do I have to do to match the above variable?
I have tried numerous of different combinations, but none work. Including the original variable above.
I have even tried to create a session variable in the VPE based on the original variable but with the same result.
As soon as I can match that variable then I can send the correct redirect.
- youssef1Cumulonimbus
Hi Philip,
did you try a per-request-policy?
A simple empty box with a condition to the session variable "session.logon.last.username.sso.state".
if it does not work keep me informed, I have another alternative to correct this problem.
regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com