When SSO Fails - Redirect user to logon page

Question

Hey everyone!&nbsp;
I’m having some issues with retriggering the clients to the initial APM logon page based on failed SSO logon. There is supposed to be a variable that triggers when SSO fails and I’m seeing it in my sessiondump based upon my SSO profile but the session variable defined in the following article: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/24.html is never set.&nbsp;
It should be the following variable: session.logon.last.username.sso.state&nbsp;
On my BIG-IP I have the following SSO State variable set:&nbsp;
&nbsp;
In our case this is not a Kerberos SSO and perhaps that is necessary to trigger the state variable (we use Client Initiated Form Based SSO).&nbsp;
What do I have to do to match the above variable?&nbsp;
I have tried numerous of different combinations, but none work. Including the original variable above.&nbsp;
I have even tried to create a session variable in the VPE based on the original variable but with the same result.&nbsp;
As soon as I can match that variable then I can send the correct redirect.&nbsp;

youssef1 · Answer

Hi Philip,&nbsp;
did you try a per-request-policy?&nbsp;
A simple empty box with a condition to the session variable "session.logon.last.username.sso.state".&nbsp;
if it does not work keep me informed, I have another alternative to correct this problem.&nbsp;
regards&nbsp;

Forum Discussion

When SSO Fails - Redirect user to logon page

1 Reply

Recent Discussions

Stable Firmware for F5

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Related Content

irule uri traffic redirection failing

URI host header redirect failing

Anchor Link Redirect

HTTP error 503, DNS lookup failed

Re activate license failed