Johan_Lång
Mar 16, 2020Cirrus
Solved
SAML SLO Error
BIGIP is acting SP to an IDP. This IDP is one of our authentication methods to the Webtop. For instance, if you are logging out with the Logout-button from the webtop a samlrequest is sent to ...
- Mar 16, 2020
Seems like the IDP didnt understood "ResponseLocation". The Reponse was sent to Location rather than ResponseLocation, this is something BIGIP does default:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/sls" ResponseLocation="https://<bigip>/saml/sp/profile/post/slr">
Temporarily i made an irule that makes an 307 response from /saml/sp/profile/post/sls to /saml/sp/profile/post/slr instead.
Waiting for the IDP to update bigips metadata with only:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/slr">
Could this cause any trouble?