Forum Discussion
gogreen
Nimbostratus
NimbostratusDecode SAML Response from IDP Server
Here is the traffic Flow :
SP<===========>F5(VS/Pool)<=============>IDP Server(s)
In this, SP see F5 as IDP ( F5 is acting as a proxy in front of IDP servers), Using irules, how can I extract one of the attributes from the SAML response sent from IDP ?
Hello Gogreen.
F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.
- ACCESS_SAML_AUTHN – authentication request
- ACCESS_SAML_ASSERTION – assertion
- ACCESS_SAML_SLO_REQ – single logout request
- ACCESS_SAML_SLO_RESP – single logout response
In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).
Regards,
Dario.
Hello Gogreen.
F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.
- ACCESS_SAML_AUTHN – authentication request
- ACCESS_SAML_ASSERTION – assertion
- ACCESS_SAML_SLO_REQ – single logout request
- ACCESS_SAML_SLO_RESP – single logout response
In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).
Regards,
Dario.
NorrisThanks for the information
boneyardMVP
please flag the question as answered if it was, it helps other recognize the status.