For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Doug_129661's avatar
Doug_129661
Icon for Nimbostratus rankNimbostratus
Sep 04, 2013

Manipulate SAML assertion data

I am new to F5 technology so I am not sure if this is areasonable question or not.   I wondered if it is possible to collect all the SAML data from the ID provider and then post that XML data to ...
application delivery
design
devops
iRules
security
Stéphane_PICARD's avatar
Stéphane_PICARD
Icon for Nimbostratus rankNimbostratus
Feb 08, 2017

Hello all,

coming back to this old but very interesting (to me) post. The I-rule proposed by Kevin works fine for me and i have been able to insert an HTTP HEADER with the assertion i am looking for thanks to :

when ACCESS_ACL_ALLOWED {
 if { [ACCESS::session data get session.saml.last.sent] == "" } {
    ACCESS::session data set session.saml.last.sent 1
    HTTP::header insert MY_HTTP_HEADER_CITY [ACCESS::session data get session.saml.last.attr.name.city]
 }
}

However, and this is due to the fact that i admit all this is not crystal clear to me at all, i am wondering why this header is set only "in the FIRST request to the server" and also if i could have it set for each and every request.

I guess this is due to ACCESS_ACL_ALLOWED event happening only once but...having said that and even after reading the documentation related to this event :

ACCESS_ACL_ALLOWED – triggered right after HTTP_REQUEST (and before CACHE_REQUEST, not included in this drawing) for a request that has been allowed by ACLs. ACCESS checks the request for a valid session, valid policy result, and then evaluates ACLs. If ACL allows a request, it raises ACCESS_ACL_ALLOWED before releasing the request to the upper layers.

this is still not clear to me. Any help would therefore be welcomed.

Thanks a lot.

With Regards