Forum Discussion

jitu's avatar
jitu
Icon for Nimbostratus rankNimbostratus
Jul 05, 2017

F5 APM with specific not all SAML SP initiated connection issue, cause iRule execution fail, TCP reset with F5 Version 12.1.2 HF1

We have a problem with a specific SP initiated SAML request. iRule execution fail   Problem details   We have F5 APM as a IDP setup. Single IDP with multiple SP. One of the specific SP initi...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
security
Daniel_Varela's avatar
Daniel_Varela
Icon for Employee rankEmployee
Jul 06, 2017

Hi, This can cause you problems

when HTTP_REQUEST priority 30  {
log local0. "HTTP Path= [HTTP::path]"
log local0. "Access policy result= [ACCESS::policy result]"
            >>>>>>if {"[ACCESS::policy result]" eq "allow"}

You should specify the sessionid from the MHRSession when using ACCESS commands in HTTP_REQUEST events (in general out of ACCESS events) otherwise you will get an error. Other option for you is do the same validation but within ACCESS_ACL_ALLOWED as it takes by default the session id evaluated in that request.

I used more this command: ACCESS::session exists -state_{allow|deny|redirect|inprogress} -sid