APM logout

Question

Hi all.&nbsp;
I have a question about APM and detection of logout.
In our solution we have APM authenticate users to our backend application server and here everything works fine.
The issue is that users log out using a logout button on the application itself, and this logout button requests the client to send the following to APM:&nbsp;
GET /CAisd/pdmweb.exe?SID=360979796+FID=1+OP=LOGOUT+PREFS_ATTRS=WEB_POPUP1_HEIGHT%2CWEB_POPUP1_WIDTH%2CWEB_POPUP2_HEIGHT%2CWEB_POPUP2_WIDTH%2CWEB_POPUP3_HEIGHT%2CWEB_POPUP3_WIDTH%2CWEB_POPUP4_HEIGHT%2CWEB_POPUP4_WIDTH%2CWEB_ROLE_ID+PREFS_VALS=941%2C1843%2C784%2C1152%2C840%2C2064%2C630%2C2064%2C400009&nbsp;
We also see that the client sends this uri at the same time:
GET /CAisd/pdmweb.exe?SID=360979796+FID=1+OP=LOGOUT&nbsp;
I have tested using the normal Logout setting on the access profile, with no luck. I also see that the SID parameter changes for every login/logout.&nbsp;
Hope someone in here can give me a hint how to proceed.&nbsp;

woytaz · Answer

Hi,
I think that you need to write a iRule that will detect in the request OP=LOGOUT and redirect to the /vdesk/hangup.php3&nbsp;

niels_van_sluis · Answer

Try something like this:
when ACCESS_ACL_ALLOWED {
    if { [HTTP::uri] contains "OP=LOGOUT" } {
        ACCESS::session remove
        HTTP::redirect "https://[HTTP::host]"
    }
}

Forum Discussion

APM logout

2 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

APM/SAML Logout.

Configure F5 ASM Logout page

APM Access Policy -- Logout URI include

APM logout issue [resolved]

APM variable assign examples