APM Request AWS AccessKey - assume-role-with-saml

I'm using APM as a SAML IdP for federation into the AWS console. It's IdP initiated SAML so users authenticate and land on a webtop where they select the AWS SAML resource. I'd like to expand this solution to allow federated users to get AWS access keys from the STS API via APM. To make this API call, I need to extract the base64 encoded SAML assertion and pass it inside the JSON payload.

I can extract the unsigned assertion from APM session variables but I haven't found a way to sign it with an iRule. I've also tried to pull the SAML response being sent to the user but have been unsuccessful. Any suggestions would be appreciated.