For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 01, 2018

Hi Teddy,

you may take a look to the iRule below...

when ACCESS_ACL_ALLOWED {
     Removing any ocourence of user provided X-P headers (for security reasons)
    HTTP::header remove "X-P" 
     Injecting the SAML nameid value as new X-P header (for SSO purposes)
    HTTP::header insert "X-P" [ACCESS::session data get "session.saml.last.attr.name.nameid"]
     log local0.debug "Debug: Insert HTTP-Header X-P=[ACCESS::session data get "session.saml.last.attr.name.nameid"]"
}

The iRule removes at first any user provided X-P HTTP-header instance (for security purposes) and then copies the value of the APM variable "session.saml.last.attr.name.nameid" into a new "X-P" HTTP-header.

Cheers, Kai