Forum Discussion

Bertrand_8797's avatar
Bertrand_8797
Icon for Nimbostratus rankNimbostratus
May 21, 2014

Logout URI in APM seems not work

Hi,

 

I'm using LT+APM mode to authenticate users on a web application. The url to connect on application is https://toto.com/. Once is connected to application he is able to deconnect with a logout button. I configured on my access policie a logout URI: /logout.jsp. When the users click on the logout, he is redirected to the correct page https://toto.com/logout.jsp After a times he tries to connect again to the web app https://toto.com, but the APM doesn't ask again a the client credentials. Normally, after the logout.jsp, the APM must delete session, but it seems not. Any idea about this ?

 

Beb

 

BIG-IP Access Policy Manager (APM)
logout
security
uri

4 Replies

Sort By
  • Vimal_12_4_19_3's avatar
    Vimal_12_4_19_3
    Icon for Nimbostratus rankNimbostratus
    Nov 15, 2018

    I am also getting the same problem. I have basic authentication APM with NTLM V2 SSO enabled. After the inactivity timeout reached,the browser is not directed to logout page (/logout.jsp). I have the "Logout URI Include" configuration included with the URI. But it is not redirecting when the inactivity timeout reaches.

     

    Also since it is basic auth, on refreshing the page, the browser takes the credentials passed earlier by the user and creates a new session with the APM. Can you help me on avaoiding this kind of behavior?

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    May 21, 2014

    Client side Kerberos authentication to APM? If yes, then the logout URI is probably functioning correctly, but you're browser is transparently fetching a new Kerberos ticket. You could check that with a client side capture utility like Fiddler or HTTPWatch. Look for a 401 from APM after clicking the logout URI and then trying another link.

     

  • Bertrand_8797's avatar
    Bertrand_8797
    Icon for Nimbostratus rankNimbostratus
    May 21, 2014

    Hi Kevin,

     

    My logout URI is /logout.jsp There is Kerberos authentication used and AD authentication.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    May 21, 2014

    Just a hunch, but what is your Logout URI Timeout? Once the user triggers a logout URI match, it'll wait for a specified amount of time before deleting the session. What kind of credentials do you require for this application?