Forum Discussion

Nimbostratus

May 02, 2019

Map SAML variable value to a specific user attribute.

Hello, I´m currently working on a setup that the users have to authenticate with external SAML IDP to access a webtop with some Portal access resources. The problem I´m facing are that I h...

application delivery

BIG-IP Access Policy Manager (APM)

Niels_van_Sluis

MVP

May 02, 2019

Not sure if this is an answer to your question, but with the Variable Assign agent you will fill the

session.logon.last.username

session variable with the content of a

session.saml

session variable, for example

session.saml.last.identity

. Then you will use the AD Query agent to perform an AD query like

(sAMAccountName=%{session.logon.last.username})

and fetch the AD attributes you need for this user.

It could also be that the IDP sends the e-mail address of the user, and you'll need to do a query on the AD using the e-mail address, to resolve the SAMAccountName. Either way you'll need some unique identifier that the IDP passes as an SAML attribute that helps you identify the user in your AD.

Forum Discussion

Map SAML variable value to a specific user attribute.

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Example of Static Variables with Virtual Server specific settings

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

Set the SameSite Attribute for LTM Persistence Cookies

iRule variable