For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

patonbike's avatar
patonbike
Icon for Cirrus rankCirrus
Sep 16, 2020

Help sending APM SAML info back to pool member

I am trying to reformat SAML assertion data received through t he APM and send the info back to the pool member in a format that the pool member understands.

I am able to get the data I need and put it into a variable. For example:

when ACCESS_POLICY_COMPLETED {
set membernumber [ACCESS::session data get "session.saml.last.attr.name.membernumber"]
log local0. "$membernumber"
}

When I go to try to use that variable later on , it is not available. 

when HTTP_REQUEST {
if { [info exists membernumber]  } {
 log local0. "$membernumber"
}

Should this be available during other events?

I have also tried https://support.f5.com/csp/article/K00379500 which is inserting the saml assertion info into a header... But I am not seeing this header actually getting passed back to the pool member. What am I missing?

I have tried doing some logging.. and the data I need/want is there during ACCESS_POLICY_COMPLETED but after ACCESS_POLICY_COMPLETED the data gets lost somehow.

BIG-IP Access Policy Manager (APM)
devops
iRules

2 Replies

    • patonbike's avatar
      patonbike
      Icon for Cirrus rankCirrus
      Sep 16, 2020

      Thanks, that is helpful. The only thing I can't seem to do is convert the request going to the backend server from a GET to a POST, but I am now able to pass the values through either inthe form of a header or a GET request.