F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

RandyTittleman's avatar
RandyTittleman
Icon for Altostratus rankAltostratus
Jul 16, 2019

iRule to Convert SAML Assertion To Header Based for Autorization

I'm hoping the community can help me out. I am new to F5 BIG-IP APM and iRules and I hope I make sense. Here is my scenario.   We have acquired Centrify for SSO authentication. However, we have a...
Niels_van_Sluis's avatar
Niels_van_Sluis
Icon for MVP rankMVP
Jul 16, 2019

According to the APM manual you should be able to access the SAML assertions through the session variables. See below.

 

Access Policy Manager as a SAML Service Provider (SP)

When you use APM as a SAML service provider, APM consumes SAML assertions (claims) and validates their trustworthiness. After successfully verifying the assertion, APM creates session variables from the assertion contents. In an access policy, you can use these session variables to finely control access to resources and to determine which ACLs to assign. Based on the values of session variables, you can create multiple branches in the policy, assigning different resources and different ACLs on each branch. When it runs, the access policy follows a branch depending on the values of session variables.

 

Then you could use the following code snippet, to add the SAML assertions to the cookie use set the HTTP header.

 

https://devcentral.f5.com/s/articles/insert-header-for-apm-policy