F5 custom logout issue hangup_error=1 loop

Marvin · ‎16-Aug-2022

We have APM with webtop, when pressing the logout button it should redirect to external decision page, and based on decision (continue/cancel) proceed or return to F5 webtop page.

We end up with the following loop issue

SP webtop generates logout to itself to hangup.php3?hangup_error=1
with an Irule we redirect this request to external IDP to display informative page with decisions (cancel/continue).
while pressing cancel on external page it is redirected back to the F5 SP full webtop URL correctly
however after that the F5 again send it back to hangup_error=1 and same steps(1-3) continue, how should we prevent this or is this even technically possible.

So my conclusion so far while F5 is handling a logout request requesting back the webtop url is not possible, why is it the case and why do we always get the hangup_error=1?

note: when we normally open webtop and browse to external page and then open webtop there is no issue, this has to do with the logout functionality from F5 (java script).

Is this supported should we open a support case?
----

Editors Note: This question was inadvertently edited directly - restored on 29-Aug-2022.
This is the final version of the question provided by @Marvin on ‎17-Aug-2022 00:45.
Thanks to @Nikoolayy1 for bringing this issue to our attention - your comment/help has been added inline below.

JRahm · ‎18-Aug-2022

what's your iRule look like? Can you post a sanitized copy of it here? Also, are SP/IDP on different devices or shared?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

Marvin · ‎18-Aug-2022

It is like this user clicks on logout from webtop, the Irule (very simple) redirects the hangup.php3 in HTTP request to external decision making page (external webserver), here return back to referer header (full webtop uri) by clicking decline return. Because (I assume) the F5 still thinks it is in process of logout it again sends a logout request to hangup.php, instead of that we would like to stop the logout process. Perhaps some javascripting is running in background for this and F5 APM doesnt like the fact that we send a request to full webtop URI while in process of logging out, can we overrule this?

Nikoolayy1 · ‎29-Aug-2022

Maybe you are not deleting the F5 APM session after the redirect , so maybe look at the article below that seems as similar issue:
https://community.f5.com/t5/technical-forum/apm-logout-uri-with-redirect-back-to-my-policy/td-p/2264...

Also maybe test deleting the F5 APM cookie "HTTP::cookie remove MRHSession" before doing the redirection as maybe the cookie is not removed between the redirect and return to the webtop or if does not work to set them expired before returning the redirect to the browser the web browser to replace their values as shown in the articles below.

https://community.f5.com/t5/technical-forum/apm-sso-cookie-caching-issue/td-p/264221
https://community.f5.com/t5/technical-forum/irule-to-clear-session-when-traversing-to-new-apm-profil...

Marvin · ‎22-Aug-2022

that is exactly the case we dont want to close session and then redirect to external Page where we make the decision to close or cancel the logout request.

LiefZimmerman · ‎29-Aug-2022

Restoring original question and adding @Nikoolayy1 's response inline here...though it will be out of order. Then I will sort out the permissions.

Nikoolayy1 · ‎16-Oct-2022

If you managed to get the needed answers, please flag the question as answered.

DevCentral

F5 custom logout issue hangup_error=1 loop

Khoros Kudos Award 2022