Are you an expert? Interested in presenting at F5 AppWorld 2024? Submit a proposal by Nov 29th!
The following is more a solution than a question I want to share with you.
We had a customer with a SAML-SP config on the F5 which is working properly.
Since some weeks more and more users are complaining that they cannot login to the application anymore.
After a longer troubleshooting session the reason for this was found in the Chrome Browser starting of version 85.x (August 2020 Stable Tree).
It is described here:
And can be tested here:
Now the customer was using an irule which was doing SAML-SLO for some special applications, for this he was checking for the referer header sent from the browser.
The Chrome v85 was not sending the full path anymore in the referer header and the SAML-SSO and SAML-SLO was therefore not working properly because of the special irule used described above.
Just in case you have the same kind of problems you might check the new default Referrer-Policy of Chrome.
Maybe other browser vendors will follow soon with this, who knows.
I hope it helps someone to solve problems like "some users cannot login anymore to the app" etc...
Well "question" above is answered 😉