

Sonny
Nov 19, 2015

SAML IDP using CAC auth

I've set up as an IDP and have a VS with an access policy that prompts for the user's CAC. I want to take the EDIPI number (10-digit) of the CAC and pass it on to the SP as an attribute in the assertion. The default assertion subject value does not have an option... only the 6 below. Is there a way?

 

%{session.ad.last.attr.name}
%{session.ad.last.attr.sAMAccountName}
%{session.ad.last.attr.userPrincipalName}
%{session.logon.last.logonname}
%{session.logon.last.username}
%{session.sso.token.last.username}

 

4 Replies

  • I have had to grab the EDIPI before, but it has been a while, so I am a little foggy on exactly how I did it.

     

    But from what I recall, I created a custom variable, then parsed out the EDIPI from the CN.

     

    If you have trouble figuring out how to do it, I will try and look back through my notes. It has been about a year since I had to do it, and I am no longer doing F5 work.

     

  • Yes, if you could go through your notes, that would be appreciated.

     

  • Sonny, please feel free to reach out to your account team offline. We do not like to post Federal configuration documents on DC, but they are readily available.

     

    If you aren't sure who to reach out to, you can message me directly and I can get you in touch with the right team.
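
The first reply describes parsing the EDIPI out of the certificate CN into a custom variable. The following Tcl sketch of that parsing step is an added example, not code from the thread or from F5. It assumes the CAC convention of a CN shaped like LAST.FIRST.MIDDLE.EDIPI; the proc names are hypothetical and the subject strings are constructed samples.

```tcl
# Added example. Assumption: the CAC CN ends in a dot-separated 10-digit EDIPI.
# Assumed wiring (not from the thread): in an APM Variable Assign expression
# the subject string would come from [mcget {session.ssl.cert.subject}].

# Return the CN value from a subject DN, or "" if there is none.
# Handles comma- or slash-separated DNs in either component order.
# CN values containing escaped separators are not handled.
proc cn_from_subject {subject} {
    if {![regexp -nocase {(?:^|[,/])\s*CN\s*=\s*([^,/]+)} $subject -> cn]} {
        return ""
    }
    return [string trim $cn]
}

# Return the EDIPI from a CN, or "" if the last field is not exactly 10 digits.
# Taking the last field keeps this working when the middle name is absent or
# a generational suffix adds an extra field.
proc edipi_from_cn {cn} {
    set last [lindex [split $cn "."] end]
    if {[regexp {^[0-9]{10}$} $last]} {
        return $last
    }
    return ""
}

# Constructed sample subjects: two person certificates in different component
# orders, a non-person certificate, and a CN with a malformed identifier.
set samples {
    "CN=DOE.JOHN.A.1234567890,OU=USAF,OU=PKI,OU=DoD,O=U.S. Government,C=US"
    "C=US, O=U.S. Government, OU=DoD, OU=PKI, OU=USAF, CN=DOE.JANE.0987654321"
    "CN=portal.example.mil,OU=DoD,O=U.S. Government,C=US"
    "CN=DOE.JOHN.A.12345,OU=USAF,C=US"
}

foreach subject $samples {
    set edipi [edipi_from_cn [cn_from_subject $subject]]
    if {$edipi eq ""} {
        puts "REJECT  $subject"
    } else {
        puts "EDIPI=$edipi  $subject"
    }
}
```

Isolating the CN before splitting matters because other DN components (for example `O=U.S. Government`) also contain dots. An empty result should end the session with a deny rather than produce an assertion with a blank attribute.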