Forum Discussion

gogreen's avatar
Icon for Nimbostratus rankNimbostratus
Nov 16, 2020

Decode SAML Response from IDP Server

Here is the traffic Flow :   SP<===========>F5(VS/Pool)<=============>IDP Server(s)   In this, SP see F5 as IDP ( F5 is acting as a proxy in front of IDP servers), Using irules, how can I ext...
  • Dario_Garrido's avatar
    Nov 18, 2020

    Hello Gogreen.


    F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.

    • ACCESS_SAML_AUTHN – authentication request
    • ACCESS_SAML_ASSERTION – assertion
    • ACCESS_SAML_SLO_REQ – single logout request
    • ACCESS_SAML_SLO_RESP – single logout response


    In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).