Apr 07, 2022

read SAML attributes

Hi  All,

In an iRule  we extract an attribute from an SAML.  if the the value of the attribute is a simple string we can get the value; but if the value is a complexe element we get the concatenation of all  values of the inside elements without the elment names.

For example:

if the value of the attribute is:

<saml2:Attribute Name="urn:be:fgov:ehealth:1.0:campus:site-number:campus:address" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xsi:type="xsd:anyType" xmlns:xsi="">
<aa:Address Type="contact" xmlns:aa="urn:be:fgov:ehealth:aa:complextype:v1">
<aa:Description xml:lang="fr">Rue de bois</aa:Description>
<aa:Description xml:lang="fr">Gand</aa:Description>
<aa:Description xml:lang="nl">Gent</aa:Description>
<aa:Description xml:lang="de">Gent</aa:Description>
<aa:Description xml:lang="fr">Belgique</aa:Description>
<aa:Description xml:lang="nl">België</aa:Description>
<aa:Description xml:lang="de">Belgien</aa:Description>


set address [ACCESS::session data get ""]


will give the following value:

Rue de bois20900044021GandGentGent150BelgiqueBelgiëBelgien

Could you please advise on this?



    As I understood you are using APM as SAML SP , right ?

    Can you see what are the saml session variables APM Got ? 

    If APM got these values formatted in different session variables, it will be better to use them instead.

    Otherwise, if APM does not correctly get all variales I advise to use iRules LX to convert XML attribute  to a string.