Access denied error when trying to retrieve saml token from html body

Praque, you appear to have several posts relating to the same thing. Can you break down the required process a bit more, maybe with some diagrams?

Hi Kevin,

I want to retrieve the saml token from html body. Attached the code and log. i need to retrive the value from html body.

Please advice, how to retrieve the value from html body.

Code used:

when CLIENT_ACCEPTED { Get the defined pool for this VIP set default_pool [LB::server pool]

 Set an initial lookup flag
set gotpath 1

}

when HTTP_REQUEST { set d2 [getfield [HTTP::host] "." 2] set d3 [getfield [HTTP::host] "." 3] set d4 [getfield [HTTP::host] "." 4] set d5 [getfield [HTTP::host] "." 5] set d6 [getfield [HTTP::host] "." 6] set d7 [getfield [HTTP::host] "." 7] set domain ""

  foreach part "$d2 $d3 $d4 $d5 $d6 $d7" {
     set domain [format "%s.%s" $domain $part]
  }

    On first request (lookup flag exists) perform lookup
 if { $gotpath == 1 } {

     Save the original request
    set request [HTTP::request]

     Change URI for sideband lookup
    HTTP::uri "/iam/code.asp"

     Change pool to point to sideband web service
    pool Rachel_Test_208

  }   

 if { $gotpath == 0 } {
    HTTP::cookie insert name "SMSESSION" value $smsession path "/" domain $domain
    HTTP::uri "/affwebservices/public/saml2sso?SPID=service_provider&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 }

}

when HTTP_RESPONSE { If response from web service if { [HTTP::cookie exists "SMSESSION"] } { set smsession "[HTTP::cookie value SMSESSION]" log local0. "smsession$smsession" set gotpath 0 }

}

Log

A bit more please. Example:

1. User accesses primary app VIP and is prompted for credentials
2. User posts credentials
3. VIP sends sideband request with user credentials to internal service
4. Internal service sends back auth token
5. VIP inserts auth token into request to primary app
6. ...

Based on all of the previous posts, I'm starting to get a sense of what needs to happen, but if you can articulate exactly what needs to happen, when it needs to happen, and who it happens to, we can better support your requirements.

Hi Kevin,

Please find the additional details

1.User accesses primary app VIP and is prompted for credentials

2.User posts credentials

3.VIP sends sideband request with user credentials to internal service

4.Internal service sends back saml token

5.VIP inserts saml token into request to primary app

1. primary app receives the saml token and generate siteminder cookie

    

2. Using the siteminder cookie, User can able to see the primary app landing page

    

Regards, Praque

Hi All, I have used HTTP::Payload to retrieve the Saml Token, but i received only Half of the value from page, but remaining page values are not displaying using the payload option. Please advise on this.

Rule SM_SAML : requestpayload SAML 2.0 Auto-POST form Your browser does not support JavaScript. Please click the 'Continue' button below to proceed.

Praque,

Still not 100% clear on what you're trying to accomplish here, but here are some recommendations.

• The $d2-$d7 and foreach loop seem to be deriving the domain value from the requested Host header, given that the Host is a 7-level name. You can more easily accomplish the same thing with the domain command:

  set domain [domain [HTTP::host] 6]
  

• You're likely only getting part of the payload in the HTTP_RESPONSE because it's exceeding a single TCP packet. You need to issue an HTTP::collect command in the HTTP_RESPONSE event, which will buffer the output and trigger the HTTP_RESPONSE_DATA event:

  when HTTP_RESPONSE {
       If response from web service 
      if { [HTTP::cookie exists "SMSESSION"] } { 
          set smsession "[HTTP::cookie value SMSESSION]" 
          log local0. "smsession$smsession" 
          set gotpath 0
          HTTP::collect [HTTP::header Content-Length] 
      }   
  }
  when HTTP_RESPONSE_DATA {
       Full payload should be available here in [HTTP::payload]
  }
  

Hi Kevin, shall we get into a call and discuss. i have fiddler session. i will send the attachment. Please give ur phone number and mailid. i tried using the HTTP::collect and payload. But still i receiving the half of the payload.

when HTTP_RESPONSE {

 if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 4048576}{
      set content_length [HTTP::header "Content-Length"]
} else {
      set content_length 2048576
}
 Check if $content_length is not set to 0
if { $content_length > 0} {
      log local0. "content_length$content_length"
      HTTP::collect $content_length
}   

}

when HTTP_RESPONSE_DATA { Full payload should be available here in [HTTP::payload] log local0. "httpresponse::[HTTP::payload]" }

Payload: