Forum Discussion
Programatically configure SAML attributes using an iRule
I know I can use 'ACCESS::saml assertion' to send a completely custom assertion but I'd like to avoid it if possible.
Have a look at the attached screen shot for what I mean by multiple values. You are able to add multiple values to a single attribute so the resulting assertion will look something like the snippet below. So rather than adding a delimited string to a single value I want to split it out to multiple values but there doesn't seem to be a way to do that programmatically.
I hope that makes sense.
<saml2:AttributeStatement>
<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Name="portalRole" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SM1</saml2:AttributeValue>
<saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SM2</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
Never mind. I just realised that separating by "|" actually does produce multiple values. I must have been having some other issue causing it to not work under certain use cases.
- Nolan_JensenAug 09, 2022Cirrostratus
Ty_John,
Can you provide me a screen shot of how you were able to use | to seperate multiple saml attributes? I have tried to do so many times in the place you have in your screen shot but will not seperate them like it says it should.
Thanks
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com