Forum Discussion

Nimbostratus

Nov 16, 2020

Solved

Decode SAML Response from IDP Server

Here is the traffic Flow : SP<===========>F5(VS/Pool)<=============>IDP Server(s) In this, SP see F5 as IDP ( F5 is acting as a proxy in front of IDP servers), Using irules, how can I ext...

Dario_Garrido
Nov 18, 2020
Hello Gogreen.

F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.
ACCESS_SAML_AUTHN – authentication request
ACCESS_SAML_ASSERTION – assertion
ACCESS_SAML_SLO_REQ – single logout request
ACCESS_SAML_SLO_RESP – single logout response

In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).

Regards,
Dario.

Dario_Garrido

Noctilucent

Nov 18, 2020

Hello Gogreen.

F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.

ACCESS_SAML_AUTHN – authentication request
ACCESS_SAML_ASSERTION – assertion
ACCESS_SAML_SLO_REQ – single logout request
ACCESS_SAML_SLO_RESP – single logout response

In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).

Regards,

Dario.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)