Forum Discussion
Stanislas_Piro2
Jan 22, 2019
Cumulonimbus
Hi Massimo,
Correct me if I'm wrong, but I searched the whole thread and I didn't find any information about SAML in the initial question or the following comments.
The answer provided by Kai may not work because of this missing but required information.
So now, can you provide the information required to help you troubleshoot?
- Where is the IdP? On the BigIP?
- Where are the SPs? On the BigIP?
When you ask to log out with SLO enabled, the process is the following:
- user requests access to Service1 --> redirect to IdP for authentication with assertion
- user authenticates on IdP --> redirect to SP Service1 with assertion
- user requests access to Service2 --> redirect to IdP for authentication with assertion
- user is already authenticated on IdP --> redirect to SP Service1 with assertion
- user requests a logout on Service2 --> redirect to IdP for logout
- user requests a logout on IdP --> redirect to Service1 for logout
- user requests a logout on Service1 --> redirect to IdP to confirm logout
- user requests a logout on IdP --> redirect to Service2 to confirm logout of all SPs which used the same session
- user requests a logout on Service2 --> the session on Service2 is closed only when this request is received on APM
If one SLO request fails, the session is not closed on Service2.
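
The logout chain described in the post above, as an added example that is not part of the original post and is not F5 APM code: a simplified Python model of the SLO redirect chain, showing that the initiating SP's session is closed only when the final logout confirmation comes back. The class names and the `slo_reachable` flag are assumptions made for the illustration.

```python
# Simplified model of the SAML SLO redirect chain (constructed example).
# SP, IdP and slo_reachable are hypothetical names, not F5 APM objects.

class SP:
    def __init__(self, name, slo_reachable=True):
        self.name = name
        self.slo_reachable = slo_reachable  # can this SP answer a LogoutRequest?
        self.session_open = False

class IdP:
    def __init__(self):
        self.participants = []  # SPs that received an assertion in this session

    def sso(self, sp):
        # Each SP that gets an assertion becomes a participant of the IdP session.
        if sp not in self.participants:
            self.participants.append(sp)
        sp.session_open = True

    def slo(self, initiator):
        """Run SLO started at `initiator` and return the redirect trace."""
        trace = [f"{initiator.name} -> IdP: LogoutRequest"]
        for sp in self.participants:
            if sp is initiator:
                continue
            trace.append(f"IdP -> {sp.name}: LogoutRequest")
            if not sp.slo_reachable:
                # The chain stops here: no confirmation ever reaches the initiator.
                trace.append(f"{sp.name}: no LogoutResponse, chain stops")
                return trace
            sp.session_open = False
            trace.append(f"{sp.name} -> IdP: LogoutResponse")
        self.participants.clear()
        trace.append(f"IdP -> {initiator.name}: LogoutResponse")
        initiator.session_open = False  # closed only on the final confirmation
        return trace

def run(service1_reachable):
    """Log in to Service1 and Service2, then log out from Service2."""
    idp = IdP()
    s1, s2 = SP("Service1", service1_reachable), SP("Service2")
    idp.sso(s1)
    idp.sso(s2)
    trace = idp.slo(initiator=s2)
    return s1.session_open, s2.session_open, trace

if __name__ == "__main__":
    for reachable in (True, False):
        s1_open, s2_open, trace = run(reachable)
        print(f"Service1 reachable={reachable}: Service1 open={s1_open}, Service2 open={s2_open}")
        print("  " + "\n  ".join(trace))
```

When troubleshooting, comparing a captured redirect sequence against the successful trace shows at which hop the chain stopped, and any SP whose session is still open after a logout attempt is worth checking for a stale session.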