
Forum Discussion

gogreen
Nov 16, 2020
Solved

Decode SAML Response from IDP Server

Here is the traffic flow:

 

SP<===========>F5(VS/Pool)<=============>IDP Server(s)

 

In this, the SP sees F5 as the IDP (F5 is acting as a proxy in front of the IDP servers). Using iRules, how can I extract one of the attributes from the SAML response sent from the IDP?

3 Replies

  • Hello Gogreen.

     

    F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.

    • ACCESS_SAML_AUTHN – authentication request
    • ACCESS_SAML_ASSERTION – assertion
    • ACCESS_SAML_SLO_REQ – single logout request
    • ACCESS_SAML_SLO_RESP – single logout response

     

    In your case (being a proxy) and assuming that you are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where the SAML assertion will be located in the payload section (coded in base64).

     

    Regards,

    Dario.

    • Please flag the question as answered if it was; it helps others recognize the status.
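
One way to implement what the answer describes, as an added example that is not part of the original thread or F5's own code: an iRule that collects the IdP's HTTP response, pulls the base64 `SAMLResponse` out of the payload, decodes it and reads one attribute. It assumes the HTTP-POST binding (the IdP returns an HTML form with a hidden `SAMLResponse` input whose `name` precedes `value`), an unencrypted assertion, and a placeholder attribute name `mail`.

```tcl
# Added example, not from the thread. Assumes: HTTP-POST binding (the IdP's HTTP
# response is an HTML form with a hidden SAMLResponse input), server-side TLS is
# decrypted on this virtual server, and the assertion is not encrypted.
when HTTP_REQUEST {
    # Ask the IdP for an uncompressed body so the payload can be searched as text.
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {
    # Collect only HTML bodies with a known, bounded length (1 MB cap is an assumption).
    if { [HTTP::header "Content-Type"] starts_with "text/html" &&
         [HTTP::header exists "Content-Length"] &&
         [HTTP::header "Content-Length"] > 0 &&
         [HTTP::header "Content-Length"] <= 1048576 } {
        HTTP::collect [HTTP::header "Content-Length"]
    }
}

when HTTP_RESPONSE_DATA {
    set attr_name "mail"   ;# placeholder attribute name
    # <input type="hidden" name="SAMLResponse" value="...base64..."/>
    if { [regexp -nocase {name="SAMLResponse"[^>]*value="([^"]+)"} [HTTP::payload] -> b64] } {
        # Undo HTML escaping of '+', '/', '=' and drop line breaks inside the value.
        set b64 [string map -nocase [list "&#x2b;" "+" "&#43;" "+" "&#x2f;" "/" \
            "&#x3d;" "=" "&#61;" "=" "\r" "" "\n" ""] $b64]
        # Match <Attribute ... Name="..."> with any namespace prefix, then its first value.
        set re [string map [list NAME $attr_name] \
            {<(?:\w+:)?Attribute\s(?:[^>]*\s)?Name="NAME"[^>]*>\s*<(?:\w+:)?AttributeValue[^>]*>([^<]*)<}]
        if { [catch { b64decode $b64 } xml] } {
            log local0.warn "SAMLResponse is not valid base64"
        } elseif { $xml contains "EncryptedAssertion" } {
            log local0.info "Assertion is encrypted; attributes are not readable at the proxy"
        } elseif { [regexp $re $xml -> value] } {
            # The signature has not been verified here: treat the value as untrusted input.
            log local0.info "SAML attribute $attr_name = $value"
        }
    }
    HTTP::release
}
```

Responses sent with chunked encoding carry no Content-Length and are skipped by this rule, and an attribute name containing regex metacharacters (for example a URI with dots) is matched loosely by the pattern.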