GregH.00578 (Customer) asked a question.
SLO with f5 Load Balancer
We have a custom app sitting behind an f5 that I am trying to get SLO working on.
Okta sees the f5 as the SP. The app sees the f5 as the IDP.
So when a user logs out of the app, the session between the app & the f5 gets killed, but Okta doesn't see it.
I need to make the f5 pass this along to okta & end the user session with Okta.
The documentations states:
Single Logout URL — the URL for the SLO return. This is a URL on the service provider where Okta sends its sign out response (as a POST operation). If the SP doesn't have a specific SLO URL, the main SP URL can be used.
Is the "main SP URL" the ACS URL?
Hello @GregH.00578 (Customer) Thank you for reaching out to our Community!
That is correct, if there is no designated SLO URL on the SP side, you need to use the ASC Url or SSO Url. However please also keep in mind that you will also need an encryption certificate so that the SLO can be properly done from F5 to Okta.
We recommend to also discuss with F5 Support on this matter and to provide additional guidance if necessary and if this feature between Okta and F5 is supported by them.
Hope this helps!