Forum Discussion
GeoffG
Altostratus
Nov 14, 2019
High Speed Logging in Access policy for Okta SAML
Hi All, I am looking at logging specific HTTP headers to a Remote syslog server via High Speed logging. I only want to log the Headers however on the Initial ACL pass and HTTP request to t...
GeoffG
Altostratus
Dec 03, 2019
Hi and thanks mate
I have worked it out with a combination of what you provided and my own stuff.
Likely this isn't the best way to do it but it works at least.. 😉
Thanks for your help though.... Much appreciated.
when RULE_INIT {
    # Set to 1 to write the extracted values to /var/log/ltm.
    set static::debug 0
    # static:: variables are shared by every connection on a TMM, so once this
    # flag is cleared below nothing more is sent until the iRule is reloaded.
    set static::first_http 1
}
when ACCESS_ACL_ALLOWED {
    # Copy the SAML identity and attributes from the APM session into request headers.
    # Each header is inserted only when the request does not already carry it,
    # so a value sent by the client is left in place.
    set oktaUser [ACCESS::session data get "session.saml.last.identity"]
    if { $static::debug } { log local0. "id is $oktaUser" }
    if { !([HTTP::header exists "OKTA_USER"]) } {
        HTTP::header insert "OKTA_USER" $oktaUser
    }
    set oktaFirstName [ACCESS::session data get "session.saml.last.attr.name.FirstName"]
    if { $static::debug } { log local0. "id is $oktaFirstName" }
    if { !([HTTP::header exists "OKTA_FIRSTNAME"]) } {
        HTTP::header insert "OKTA_FIRSTNAME" $oktaFirstName
    }
    set oktaLastName [ACCESS::session data get "session.saml.last.attr.name.LastName"]
    if { $static::debug } { log local0. "id is $oktaLastName" }
    if { !([HTTP::header exists "OKTA_LASTNAME"]) } {
        HTTP::header insert "OKTA_LASTNAME" $oktaLastName
    }
    set oktaEmail [ACCESS::session data get "session.saml.last.attr.name.Email"]
    if { $static::debug } { log local0. "id is $oktaEmail" }
    if { !([HTTP::header exists "OKTA_EMAIL"]) } {
        HTTP::header insert "OKTA_EMAIL" $oktaEmail
    }
    # Send the header values to the remote syslog server through the HSL publisher.
    set hsl [HSL::open -publisher /Common/hslsyslog]
    if { $static::first_http } {
        HSL::send $hsl "Client=[IP::client_addr] connection accepted."
        HSL::send $hsl "OKTA_USER Value=[HTTP::header value OKTA_USER]"
        HSL::send $hsl "OKTA_USERNAME Value=[HTTP::header value OKTA_USERNAME]"
        HSL::send $hsl "OKTA_FIRSTNAME Value=[HTTP::header value OKTA_FIRSTNAME]"
        HSL::send $hsl "OKTA_LASTNAME Value=[HTTP::header value OKTA_LASTNAME]"
        HSL::send $hsl "OKTA_EMAIL Value=[HTTP::header value OKTA_EMAIL]"
        set static::first_http 0
    }
}
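
A hardened variant of the iRule in the post above, as an added example that is not the poster's code: it overwrites any client-supplied OKTA_* header with the value from the APM session, and logs once per APM session instead of once per TMM. The session variable name `session.custom.hsl_logged` is an assumption chosen for illustration; the publisher and SAML variable names are taken from the post.

```tcl
when ACCESS_ACL_ALLOWED {
    # Header name -> APM session variable, as used in the post.
    set attrs {
        OKTA_USER      session.saml.last.identity
        OKTA_FIRSTNAME session.saml.last.attr.name.FirstName
        OKTA_LASTNAME  session.saml.last.attr.name.LastName
        OKTA_EMAIL     session.saml.last.attr.name.Email
    }

    set fields [list "Client=[IP::client_addr]"]
    foreach {hdr var} $attrs {
        # Strip CR/LF so an attribute value cannot split the header or the log line.
        set val [string map [list "\r" "" "\n" ""] [ACCESS::session data get $var]]
        # Drop every copy the client may have sent, then insert the session value,
        # so the backend and the log only ever see what the IdP asserted.
        HTTP::header remove $hdr
        HTTP::header insert $hdr $val
        lappend fields "$hdr=$val"
    }

    # Log once per APM session. session.custom.hsl_logged is a hypothetical
    # flag name (assumption), stored in the session rather than in a static:: variable.
    if { [ACCESS::session data get "session.custom.hsl_logged"] ne "1" } {
        set hsl [HSL::open -publisher /Common/hslsyslog]
        HSL::send $hsl [join $fields " "]
        ACCESS::session data set "session.custom.hsl_logged" 1
    }
}
```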