Forum Discussion

hpr's avatar
hpr
Icon for Altostratus rankAltostratus
Jul 30, 2021

Howto extract SAML NameID from AuthnRequest

Hi Gurus,   I'm about to implement a SP-initiated SAML connection to our BigIP APM, set up as IdP, currently v15.1.2, eagerly awaiting some bug resolutions for the upgrade to 16.1.   I want to su...
application delivery
BIG-IP Access Policy Manager (APM)
iRules
saml
Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
Aug 10, 2021

It seems that the only way to get the entered username in a SAML SP Initiated session is to read the referrer header and get the username parameter out of it.

See here:

https://devcentral.f5.com/s/question/0D51T00006lTl96/autofill-username-for-office-365-federation

and here:

https://devcentral.f5.com/s/question/0D51T00006i7iXISAY/apm-branch-rule-based-on-referring-url

 

The problem today is that modern browsers are limiting the data in the referrer header with the referrer-policy described here:

https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default

 

I already tried to set a "no-referrer-when-downgrade" Referrer-Policy header with a irule but APM seems to overwrite it.

 

So how can we change the Referrer-Policy header in APM to get to a solution above?

 

Thanks,

Peter