iRule help for APM logout with ReturnURL redirect

Question

We are in need of assistance on an iRule for our APM logout function.  Today we have a SAML iDP configuration with various applications using the F5 as the iDP.  We want to logout of the iDP and then follow the ReturnURL provided by the SP.
Today we have two scenarios:

When you log out it takes you back to the login screen of APM (default behavior)We send a hardcoded redirect to a single page.
Desired result:
SP chooses ReturnURL SP sends client to https://idp.domain.com/logout?ReturnURL=https://app1.domain.comAPM logout occursClient is redirected to whatever return URL provided https://app1.domain.com
Current iRule to at least send the client to a page showing they have logged out.
    when ACCESS_ACL_ALLOWED {
      if { [HTTP::path] starts_with "/logout" } {
        ACCESS::session remove
        ACCESS::respond 302 Location "http://www.domain.com/pages/logout" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"
      }
    }

niels_van_sluis · Answer

Something like this?
when ACCESS_ACL_ALLOWED {
    if { [HTTP::path] starts_with "/logout" } {
        set return_url [URI::query [HTTP::uri] ReturnURL] 
        ACCESS::session remove
        ACCESS::respond 302 Location $return_url "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"
    }
}

Forum Discussion

iRule help for APM logout with ReturnURL redirect

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Configure F5 ASM Logout page

Anchor Link Redirect

url redirect

APM/SAML Logout.

iRule redirection