Forum Discussion
Squeak_117117
May 02, 2019 Nimbostratus
Map SAML variable value to a specific user attribute.
Hello,
I'm currently working on a setup in which the users have to authenticate with an external SAML IDP to access a webtop with some Portal access resources.
The problem I'm facing is that I h...
May 02, 2019
Not sure if this is an answer to your question, but with the Variable Assign agent you will fill the session.logon.last.username session variable with the content of a session.saml session variable, for example session.saml.last.identity. Then you will use the AD Query agent to perform an AD query like (sAMAccountName=%{session.logon.last.username}) and fetch the AD attributes you need for this user.
It could also be that the IDP sends the e-mail address of the user, and you'll need to do a query on the AD using the e-mail address, to resolve the SAMAccountName. Either way you'll need some unique identifier that the IDP passes as an SAML attribute that helps you identify the user in your AD.
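The lookup described in the answer above, as an added Python example that is not part of the original post and is not F5 APM code: it picks the AD filter from the identifier the IdP sent and escapes the value per RFC 4515 before placing it in the filter, since the value originates outside your directory. The function names are hypothetical, and matching e-mail values against the AD `mail` attribute is an assumption.

```python
# Added illustration (not F5 APM code): choose the AD search filter from the
# identifier the IdP sent, escaping it per RFC 4515 before interpolation.

# RFC 4515 section 3: these characters must be written as \XX hex escapes.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def filter_for_identity(identity: str) -> str:
    """Build the AD filter for a SAML identity (hypothetical helper).

    An e-mail style value is matched against the AD 'mail' attribute
    (assumption) so the sAMAccountName can be read from the result;
    anything else is treated as the sAMAccountName itself.
    """
    identity = identity.strip()
    if not identity:
        raise ValueError("IdP sent an empty identity")
    attribute = "mail" if "@" in identity else "sAMAccountName"
    return f"({attribute}={escape_filter_value(identity)})"


def pick_unique(entries: list[dict]) -> dict:
    """Require exactly one AD match; zero or several means no safe mapping."""
    if len(entries) != 1:
        raise LookupError(f"expected 1 AD entry, got {len(entries)}")
    return entries[0]


if __name__ == "__main__":
    # Constructed sample values standing in for session.saml.last.identity.
    for sample in ["jdoe", "jane.doe@example.com", "j*doe (ext)"]:
        print(sample, "->", filter_for_identity(sample))
```

Rejecting zero or multiple matches matters because a non-unique identifier (a shared mailbox address, for instance) would otherwise map the SAML user to whichever AD entry happens to come back first.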