Forum Discussion

Zebra_131802
Sep 18, 2015

Client initiated SSO won't log out

I have configured a client-initiated SSO to automatically log in when the application logon page is detected (/front.action); once successfully logged in to the application, the URI becomes /portal.action. It worked great. However, there is an issue with the Logout option on the web page. By default the logout action returns the user back to /front.action. This created an issue: every time logout is clicked, it returns to /portal.action, the APM then recognises this link and SSOs back in again. So the user will never be able to log out. What is the best way to fix this?

 

In addition, for my configuration there is no webtop, so once I have logged into the APM portal and SSO'd into the webpage, all I can see is the application webpage; there is no APM logout option. Any way to show an APM logout option somewhere?

 

Thanks.

 

5 Replies

  • Hi,

    Is this an app using LTM+APM or are you running this through portal access?

    Either way I would use an iRule to fix this. The question is what do you want to happen when they click logout?

    • Do you want the user to see the logon form but just not be SSOd back in?
    • Do you want them to see another page that says "Thanks for logging out" with a link to the login page again?
    • Do you want to close the browser on logout?
    • Do you want them to see the APM logout page?

    You will also need some way of telling that the user is logging out. Maybe the request has a query string in it or you actually hit a logout page that then redirects you to the logon page.

    When you have that information decided then you can create an iRule similar to the one below to do what you need.

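    when HTTP_REQUEST {
        # Flag the request if it carries the logout query string
        set close_browser 0
        if { [HTTP::query] contains "ACTION=LOGOUT" } {
            set close_browser 1
        }
    }
    
    when HTTP_RESPONSE {
        # For a flagged request, replace the server's response (the logon page)
        # with a small logout page that tries to close the window
        if { $close_browser eq 1 } {
            HTTP::respond 200 content "
                <html><head><title>Logout Page</title></head>
                <body>
                <script>window.close();</script>
                You have successfully logged out.  Please close this page.
                </body></html>
                "
            set close_browser 0
        }
    }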
    

    This iRule looks for a query string of "ACTION=LOGOUT" on all requests, and if it finds one, then on the response back to the client (instead of sending back the logon page) we send a small page that will try to run the JavaScript close command and close it. If the JavaScript doesn't run then they get a small logout message.

    Seth

  • Hi Seth, yes, that is LTM+APM for an app. Ideally it would be nice to configure something to trigger the SSO once and only after the APM portal logon. Otherwise, since we are doing SSO, a "Single Sign Out", i.e. the user clicks "Log out" on the app page, and that terminates the APM session completely and returns to the APM logon page. Simply closing the browser might not be good enough, as I tried. When you start the browser and go back to the same page, the APM session still seems to be valid and allows the user back in automatically. Thanks for the suggestions, I will give them a try. :)

     

    • Seth_Cooper
      If you want them to go back to the APM pages then I would do a redirect to /vdesk/hangup.php3. This will kill the APM session cookie and show the logout page.
  • Hi,

     

    The following code is an example of logout solutions with iRules for SharePoint.

     

    when ACCESS_ACL_ALLOWED {
       switch -glob [string tolower [HTTP::path]] {
          "*/signout.aspx" {
             # Disconnect session and redirect to APM logout page
             ACCESS::respond 302 noserver Location "/vdesk/hangup.php3"
             return
          }
          "/_layouts/accessdenied.aspx" {
             # Disconnect session and redirect to APM logon page
             if {[string tolower [HTTP::query]] contains "loginasanotheruser=true" } {
                ACCESS::session remove
                ACCESS::respond 302 noserver Location "/"
                return
             }
          }
          default {
             # do nothing
          }
       }
    }

    The ACCESS_ACL_ALLOWED event is raised only when the user is already authenticated.

     

    There are 2 solutions to close the session:

     

    • The action ACCESS::session remove, which removes the session without any redirection. That's why I redirect the user to / just after.
      • This initiates a new session in APM, displaying the login page.
    • Redirect the user to /vdesk/hangup.php3, which is the APM logout URL.
      • This will close the session and display the logout page to the user.