Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Jul 14, 2019

Deflate/decode the SAML request passed to the BIG-IP as an IdP

Hi,   I'm running 14.1.0 and was wondering if it was possible to deflate/decode the SAML request that is passed in the query string as part of an SP-initiated logon attempt?   I see the new A...
raZorTT's avatar
raZorTT
Icon for Cirrostratus rankCirrostratus
Jul 14, 2019

Hi Niels,

 

Thanks for your response and the link.

 

I had a suspicion that iRulesLX would be involved, given that I couldn't find anything like a ACCESS_SAML_STARTED event or similar.

 

I'm trying to identify the the issuer of the request so I can modify the APM logic based on where the request comes from.

 

I'm configuring APM to support IdP and SP initiate logins along the lines of this https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-saml-configuration-14-1-0/02.html

 

I have a 1:1 mapping of local IdP service to external SP, so I will see if I can force it by updating each local IdP entity ID to be something like {fqdn}/saml/idp/{issuer}

 

If that works, it's probably simpler than trying to pull it out of the SAML assertion anyway.

 

Cheers,

Simon