cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

APM with AAD OAuth - user is captive in the session even after Logout

Jorge_Manya
Altocumulus
Altocumulus

Hello guys:

 

I have configured AAD OAuth with F5 APM and the access works like a charm. As always, in order to finish the session, I click on the Logout button. Therefore, the F5 APM takes me to the web page that says your session is finished and it asks me to click on another link (AKA click here). But, when I click on click here in order to establish a new session, I go to the webtop again without using the credentials neither being redirected to the Microsoft cloud for authentication. It seems like the session parameters are still saved in the browser. In fact, I need to clear the browser navigation data to be able to logging in using credentials. How could I tell Microsoft AAD that I clicked on the Logout button in the webtop and it must delete all the session parameters from the browser? I am not sure if I need to configure a logout URI in the Access Profile. I have unsuccessfully tested by adding the https://login.microsoftonline.com/common/oauth2/logout and https://mysite.com/my.logout.php3 URLs in the Logout URL section in the AAD application.

 

Any advice is really appreciated.

 

Thanks...!

 

Jorge

1 REPLY 1

Dave_W
F5 Employee
F5 Employee

Hello, yes, it you want the session to be removed when you hit those URIs you should use the Logout URI field. You can also do this in an iRule.