Hello,
You are using F5 as a SP. further you've stated the IDP SLO URL is linked to a button. Therefore I assume you wanted to do the IdP-initiated SLO. it's IdP which should send a logout request to the F5 SP.
If you want the SP initiated SLO (F5 logs out), it's not a simple user request to the SLO URL. Best approach is to use a hangup link ( /vdesk/hangup.php3)
we've set up several environments using F5 APM SAML and here are some things to be aware
- you need to configure SLO url AND SLO Reply URL for the idp-connector, note the F5 APM uses different endpoints for SLO request and SLO reply
- logout requests must be signed (correct certificates need to be set up)
- watch the /var/log/apm log file to troubleshoot the SAML processing
- there's an issue on the F5 it doesn't return the RelayState correctly (depends on the version used) and some IdPs don't like it
Best regards
Gabriel