CoyH_249729
Feb 28, 2017Nimbostratus
iRule help for APM logout with ReturnURL redirect
We are in need of assistance on an iRule for our APM logout function. Today we have a SAML iDP configuration with various applications using the F5 as the iDP. We want to logout of the iDP and then follow the ReturnURL provided by the SP.
Today we have two scenarios:- When you log out it takes you back to the login screen of APM (default behavior)
- We send a hardcoded redirect to a single page.
Desired result:
- SP chooses ReturnURL
- SP sends client to https://idp.domain.com/logout?ReturnURL=https://app1.domain.com
- APM logout occurs
- Client is redirected to whatever return URL provided https://app1.domain.com
Current iRule to at least send the client to a page showing they have logged out.
when ACCESS_ACL_ALLOWED {
if { [HTTP::path] starts_with "/logout" } {
ACCESS::session remove
ACCESS::respond 302 Location "http://www.domain.com/pages/logout" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"
}
}