Forum Discussion
Samuel_Rydén
Altocumulus
AltocumulusHow do I determine SP origin on a BigIP IdP
Background: We have a BigIP 14.1 environment, and we've set up an idp to respond to https://idp.domain.com, where only the IdP Entity ID differs, such as https://idp.domain.com/service1, https://idp...
Hi Samuel
How did you go with delv3chio's solution? Wish that was around 9 months ago ;)
We have an iLX plugin that inflates/parses the incoming SAML assertion. It grabs the issuer and/or the ACS url and we then make decisions in the policy based on the returned results.
Cheers,
Simon
raZorTT
Cirrostratus
CirrostratusHi Samuel
How did you go with delv3chio's solution? Wish that was around 9 months ago ;)
We have an iLX plugin that inflates/parses the incoming SAML assertion. It grabs the issuer and/or the ACS url and we then make decisions in the policy based on the returned results.
Cheers,
Simon
Samuel_RydénAltocumulus
AltocumulusHi,
Thank you, yes I ended up using an iLX plugin that inflates (when needed) and parses the incoming SAML assertion as well, based on some proof of concept I found somewhere. I then set a session variable and use it later in an iRule to determine which kind of IDP to send it off to.
The code is okay, but the approach seems a bit gritty to me. We run 16.1.3 nowadays and I don't actually know if this is still the best approach, or if some session variable is set behind the scenes nowadays, the idp set up has just worked since. 🙂
Sorry for the late response, I actually couldn't find back to the article after some changes. Only found back to the forums because somebody gave me Kudos. So thanks. 🙂