Access Troubleshooting: BIG-IP APM OIDC integration

Table of Contents Introduction Implementation and troubleshooting Check the logs Case 1: Connection reset after authentication Troubleshooting steps: Case 2: Expired JWT Key...

Published Jul 08, 2024

Version 1.0

application delivery

devops

security

series-f5-access-security

Verified Designs

momahdy

Employee

Principal Technical Marketing Engineer - Focus on BIG-IP

View Profile

momahdy

Employee

Jul 31, 2024

Hi sinum ,
The intention of such URI is to clear user session as you mentioned due to the timeout value, you ca use this iRule to change this URI to the main one.

when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}

    when HTTP_REQUEST {

    if { [HTTP::uri] equals "/vdesk/hangup.php3" } {
        ACCESS::session remove
        HTTP::redirect "/"
    }
    }

let me know how it goes.

sinum

Altostratus

Jul 31, 2024

Thanks for the response, but this is based on http trigger, is there any way to redirect automatically landinguri instead of waiting for client action ?

momahdy
Employee
Jul 31, 2024
There's a mention by another gentleman in this forum about editting the logout page to point to initial landing page, it's about customizing the logout.inc in the Access profile settings.
APM access policy default logout URI override based on landing URI? | DevCentral

Some important considerations when upgrading APM with advanced customized profile.
https://my.f5.com/manage/s/article/K38601341

Access Troubleshooting: BIG-IP APM OIDC integration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS