Forum Discussion
Need help filling in the missing pieces for my SAML SP to LDAP Query scenario.
Hello,
You will first need to retrieve the SAML attributes after the SAML Auth.
Just add a "Variable Assign" block with the following information:
session.logon.last.identity = Session Variable session.saml.last.attr.name.identity
Then you must format the variable by splitting it. You can either do it using an "iRule event" or directly within the VPE using Tcl.
From the VPE: add a new entry to your Variable Assign block with the following custom expression:
set identity [mcget {session.logon.last.identity}]
set table [split $identity "\\"]
return [lindex $table 1]
The returned value will be the username from "domain\username". Assign this returned value to the variable "session.logon.last.username", which you will use afterwards to make the LDAP Query.
The SSO Cred. Mapping will set the following SSO variables: session.sso.token.last.username and session.sso.token.last.password. These variables are used in the SSO Objects, if used. You need to set them with the correct values in order to authenticate on the load-balanced server.
Hope that it helps
Regards
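Added example, not part of the original reply: a plain Tcl version of the split described above that also handles an identity with no "domain\" prefix (where `lindex $table 1` would return an empty string) and escapes the RFC 4515 filter metacharacters before the username is placed in an LDAP filter. The proc names, the sample values and the `sAMAccountName` filter attribute are assumptions; in the VPE the input would come from `mcget`.

```tcl
# Added example: plain Tcl, runnable in tclsh. Proc names are hypothetical.

# Return the username part of "domain\username".
# A value without a backslash is returned unchanged; an empty value,
# more than one backslash, or an empty username is rejected.
proc extract_username {identity} {
    set parts [split $identity "\\"]
    switch -- [llength $parts] {
        1 { set user [lindex $parts 0] }
        2 { set user [lindex $parts 1] }
        default { error "unexpected identity format" }
    }
    if {$user eq ""} { error "empty username" }
    return $user
}

# Escape the characters that RFC 4515 reserves inside a filter value,
# so an attribute value cannot change the structure of the LDAP filter.
proc ldap_escape {value} {
    return [string map [list \
        "\\"     "\\5c" \
        "*"      "\\2a" \
        "("      "\\28" \
        ")"      "\\29" \
        "\u0000" "\\00"] $value]
}

# Constructed sample identities, not taken from the thread.
foreach sample [list "CORP\\jdoe" "jdoe" "CORP\\j*doe)" "CORP\\"] {
    if {[catch {extract_username $sample} user]} {
        puts "$sample -> rejected ($user)"
    } else {
        # sAMAccountName is an assumed filter attribute for illustration.
        puts "$sample -> (sAMAccountName=[ldap_escape $user])"
    }
}
```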