16-Aug-2022
08:50
- last edited on
29-Aug-2022
09:04
by
LiefZimmerman
We have APM with webtop, when pressing the logout button it should redirect to external decision page, and based on decision (continue/cancel) proceed or return to F5 webtop page.
We end up with the following loop issue
So my conclusion so far while F5 is handling a logout request requesting back the webtop url is not possible, why is it the case and why do we always get the hangup_error=1?
note: when we normally open webtop and browse to external page and then open webtop there is no issue, this has to do with the logout functionality from F5 (java script).
Is this supported should we open a support case?
----
Editors Note: This question was inadvertently edited directly - restored on 29-Aug-2022.
This is the final version of the question provided by @Marvin on 17-Aug-2022 00:45.
Thanks to @Nikoolayy1 for bringing this issue to our attention - your comment/help has been added inline below.
18-Aug-2022 10:29
what's your iRule look like? Can you post a sanitized copy of it here? Also, are SP/IDP on different devices or shared?
18-Aug-2022 10:46
It is like this user clicks on logout from webtop, the Irule (very simple) redirects the hangup.php3 in HTTP request to external decision making page (external webserver), here return back to referer header (full webtop uri) by clicking decline return. Because (I assume) the F5 still thinks it is in process of logout it again sends a logout request to hangup.php, instead of that we would like to stop the logout process. Perhaps some javascripting is running in background for this and F5 APM doesnt like the fact that we send a request to full webtop URI while in process of logging out, can we overrule this?
29-Aug-2022 08:58
Maybe you are not deleting the F5 APM session after the redirect , so maybe look at the article below that seems as similar issue:
https://community.f5.com/t5/technical-forum/apm-logout-uri-with-redirect-back-to-my-policy/td-p/2264...
Also maybe test deleting the F5 APM cookie "HTTP::cookie remove MRHSession" before doing the redirection as maybe the cookie is not removed between the redirect and return to the webtop or if does not work to set them expired before returning the redirect to the browser the web browser to replace their values as shown in the articles below.
https://community.f5.com/t5/technical-forum/apm-sso-cookie-caching-issue/td-p/264221
https://community.f5.com/t5/technical-forum/irule-to-clear-session-when-traversing-to-new-apm-profil...
29-Aug-2022 08:54
Restoring original question and adding @Nikoolayy1 's response inline here...though it will be out of order. Then I will sort out the permissions.
16-Oct-2022 04:18
If you managed to get the needed answers, please flag the question as answered.