iRule to Convert SAML Assertion To Header Based for Autorization

According to the APM manual you should be able to access the SAML assertions through the session variables. See below.

Access Policy Manager as a SAML Service Provider (SP)

When you use APM as a SAML service provider, APM consumes SAML assertions (claims) and validates their trustworthiness. After successfully verifying the assertion, APM creates session variables from the assertion contents. In an access policy, you can use these session variables to finely control access to resources and to determine which ACLs to assign. Based on the values of session variables, you can create multiple branches in the policy, assigning different resources and different ACLs on each branch. When it runs, the access policy follows a branch depending on the values of session variables.

Then you could use the following code snippet, to add the SAML assertions to the cookie use set the HTTP header.

https://devcentral.f5.com/s/articles/insert-header-for-apm-policy