Forum Discussion
iRule to Change HTML "Name" Attribute in VPE
I am attempting to have an iRule that will change the HTML while in the VPE.
We have an application that uses SAML and is looking for the "name" attribute to be "user," but our SAML IdP's name attribute is "username." This is important because the application allows credential caching, but it is hard coded to only allow caching for that specific value. I've been reading up on the STREAM expression to do this, but can't seem to figure out how to have the F5 do it since it is redirecting to the IdP.
We were able to do this with IIS, but would rather have the F5 handle it.
The other thought was to create a custom login screen on the F5 that would have the name attribute set correctly, but I can't figure out how to post to our ADFS SAML IdP.
Update: I've been looking into the STREAM expressions, but apparently those have a bug when being used by APM as described in https://support.f5.com/csp/article/K12558. It doesn't appear that we have LTM installed on the same machine as APM because we don't have the option for "Host" in the destination box. When I log into the local (non-DMZ) LTM, it does have that option available.
I've also tried using HTML_TAG_MATCHED, but it appears to only trigger the iRule AFTER the submit button is clicked on the form. From the documentation, it doesn't sound like that should be the way it happens - the example shows replacing jpg images with png, so it would need to happen on page load unless I am misunderstanding it.
https://devcentral.f5.com/wiki/iRules.HTML-tag-attribute.ashx
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-concepts-11-4-0/9.html
Thanks!
Hi,
That's not easy because most of the time SAML assertion are signed, maybe encrypted, Base64 encoded, Gzipped, ...
The best would be to add a new attribute that fit the requirement of your application
Yann
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com