Add Subject element to the AuthnRequest

Question

I need to configure the BIG-IP as a SP and need to add a Subject element to the AuthnRequest. I can't figure out where to configure this. I'm trying to add something like the following to the SAML request:

urn:collab:person:some-organisation.example.org:m1234567890

Hope someone can point me in the right direction.
Best regards,
Niels

keesvandenbos · Answer

Niels,&nbsp;
Isn't this configured under advanced setting (SMAL SP service) and then from the dropdown menu (Name-Identifier Policy Format)???
There you can select urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
In the SP Name-Identifier Qualifier you can construct your answer from sessions variables of fixed values.&nbsp;
Cheers,&nbsp;
Kees&nbsp;

niels_van_sluis · Answer

No, these are not the same. The 'SPNameQualifier' is part of the 'Issuer' element and relates to the 'Entity ID'.&nbsp;

niels_van_sluis · Answer

Currently it isn't possible to add a Subject element to the AuthnRequest through the Config Utility or tmsh. But with iRulesLX I managed to add the Subject element to the original SAMLRequest that the BIG-IP produces. Use the link below to get the code.&nbsp;
https://devcentral.f5.com/codeshare/surfconext-second-factor-only-sfo-authentication-1012&nbsp;

Forum Discussion

Add Subject element to the AuthnRequest

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Illegal Metacharacter in Parameter Name in Json Data

Cisco TACACS+ Config on ISE LTM Pair

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

IPFIX Elements

X509 Subject Formatting

Howto extract SAML NameID from AuthnRequest

Cerificate bundles - list of subject names

iApp elements in iControl (bigsuds)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS