For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Jul 14, 2019

Deflate/decode the SAML request passed to the BIG-IP as an IdP

Hi,   I'm running 14.1.0 and was wondering if it was possible to deflate/decode the SAML request that is passed in the query string as part of an SP-initiated logon attempt?   I see the new A...
raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Jul 15, 2019

Hi Niels,

 

Thanks for your response and the link.

 

I had a suspicion that iRulesLX would be involved, given that I couldn't find anything like a ACCESS_SAML_STARTED event or similar.

 

I'm trying to identify the the issuer of the request so I can modify the APM logic based on where the request comes from.

 

I'm configuring APM to support IdP and SP initiate logins along the lines of this https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-saml-configuration-14-1-0/02.html

 

I have a 1:1 mapping of local IdP service to external SP, so I will see if I can force it by updating each local IdP entity ID to be something like {fqdn}/saml/idp/{issuer}

 

If that works, it's probably simpler than trying to pull it out of the SAML assertion anyway.

 

Cheers,

Simon