APM with AAD OAuth - user is captive in the session even after Logout

Question

Hello guys:&nbsp;I have configured AAD OAuth with F5 APM and the access works like a charm. As always, in order to finish the session, I click on the Logout button. Therefore, the F5 APM takes me to the web page that says your session is finished and it asks me to click on another link (AKA click here). But, when I click on click here in order to establish a new session, I go to the webtop again without using the credentials neither being redirected to the Microsoft cloud for authentication. It seems like the session parameters are still saved in the browser. In fact, I need to clear the browser navigation data to be able to logging in using credentials. How could I tell Microsoft AAD that I clicked on the Logout button in the webtop and it must delete all the session parameters from the browser? I am not sure if I need to configure a logout URI in the Access Profile. I have unsuccessfully tested by adding the https://login.microsoftonline.com/common/oauth2/logout and https://mysite.com/my.logout.php3 URLs in the Logout URL section in the AAD application. &nbsp;Any advice is really appreciated.&nbsp;Thanks...!&nbsp;Jorge

dave_w · Answer

Hello, yes, it you want the session to be removed when you hit those URIs you should use the Logout URI field. You can also do this in an iRule.

Forum Discussion

APM with AAD OAuth - user is captive in the session even after Logout

1 Reply

Recent Discussions

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

Two-Factor Authentication – Captive Portal

Configure F5 ASM Logout page

Ending an APM session when browser tab is closed

Agility sessions announced

TLS Stateful vs Stateless Session Resumption