Forum Discussion
Get/log APM SAML session attributes?
Hi,
I think the question needs some more information.
Are you trying to log these at the IdP or at the SP?
I assume that the F5 has a virtual server with APM attached as the IdP?
For an application that is behind an F5 virtual server but using SAML to auth with the IdP, you will not be able to use the iRule command that you mentioned in your question, as the virtual server doesn't have an Access Policy attached.
- patonbike Aug 11, 2020 Cirrus
Sorry, I will try to clarify. We are acting as the SP. We're receiving an assertion from the IdP. I don't know exactly what attributes are being passed over from the IdP. I'd like to send these values back to our pool members in an HTTP header (which will be encrypted). I'm wondering if there is some way to just dump the whole assertion to APM log or something temporarily, so I can look at it and then determine which attributes to send back to the pool members via headers.
This is the article which deals in sending SAML attributes to pool members through headers:
https://support.f5.com/csp/article/K00379500
I saw this, which seems like it might be what I want to see, but it is only for v14; we are running v12 right now:
ACCESS::saml assertion
- Dan_E Aug 11, 2020 Altostratus
Hi, I haven't done much with F5 as the SP. That command does look like what you want; you may need to ask F5 support what you can use in v12.
- patonbike Aug 12, 2020 Cirrus
Seems like they should be getting logged under:
Access policy -> Event logs -> Access system logs -> Session reports -> All sessions -> View Session Variables and then expanding down into:
It might be that they're not getting passed over yet and that is why I am not seeing them. There's a whole slew of stuff there, just no attributes.
I'll update when I figure it out.
- mannymekala Dec 29, 2022 Nimbostratus
Wondering if you managed to figure it out yet? Please share.
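
For the question above of finding out which attributes the IdP sends, one off-box approach is to decode the base64 `SAMLResponse` form field captured from the browser's POST to the SP and list the attribute names. This is an added example, not code from the thread or from F5; the function name `list_saml_attributes` is hypothetical and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def list_saml_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse (HTTP-POST binding).

    Inspection only: the signature is NOT verified, so never use this output for auth decisions.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # ElementTree's parser expands internal entities declared in a DTD; SAML never needs one.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed in a SAML response")
    root = ET.fromstring(xml_bytes)
    # An encrypted assertion hides its attributes until the SP decrypts it with its private key.
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; attributes are not visible off-box")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

# Constructed sample response (not taken from any real IdP).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>app-users</saml:AttributeValue>
        <saml:AttributeValue>app-admins</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    for name, values in list_saml_attributes(SAMPLE_B64).items():
        print(f"{name}: {values}")
```

A captured response contains user identifiers and possibly group memberships, so treat it as sensitive and delete it after inspection.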