Forum Discussion

patonbike's avatar
patonbike
Icon for Cirrus rankCirrus
Aug 10, 2020

Get/log APM SAML session attributes?

Is there a way to list all of the session variables or attributes?

 

 

 

For example

ACCESS::session data get "session.saml.last.attr.name.<attribute_name>"

What if I do not know what attributes are being asserted to me as the Service provider (SP)?

 

 

 

 

  • Hi,

    I think the question needs some more information.

    Are you trying to log these at the IdP or at the SP?

    I assume that the F5 has a virtual server with APM attached as the IdP?

    An application that is behind an F5 virtual server but using SAML to auth with the IdP, you will not be able to use the iRule command that you mentioned in your question as the virtual server doesn't have an Access Policy attached.

    • patonbike's avatar
      patonbike
      Icon for Cirrus rankCirrus

      Sorry I will try to clarify. We are acting as the SP. We're receiving an assertion from the IdP. I don't know exactly what attributes are being passed over from the IdP. I'd like to send these values back to our pool members in an HTTP header (which will be encrypted). I'm wondering if there is some way to just dump the whole assertion to APM log or something temporarily, so I can look at it and then determine which attributes to send back to the pool members via headers.

       

      This is the article which deals in sending SAML attributes to pool members through headers:

      https://support.f5.com/csp/article/K00379500

       

      I saw this, which seems like it might be what I want to see, but it is only for v14, we are running v12 right now:

      ACCESS::saml assertion

       

       

      • Dan_E's avatar
        Dan_E
        Icon for Altostratus rankAltostratus

        Hi, I haven't done much with F5 as the SP. That command does look like what you want, may need to ask F5 support what you can use in v12.