Forum Discussion
SAML session variables in APM: how to dump them?
Hello, I need to print a list of all APM Session variables related to SAML as IdP. I have a working configured APM as an IdP and at some point I would like to access the content of the variable session.saml.last.assertion. How to I access all the variable?
Thanks Paolo
boneyardMVP
where do you need to print them? in the log? would an log event in the VPE be an option?
HamishCirrocumulus
If you just need it from the command line on the fly you can use sessiondump to get a list of all the session variables for a session (Or all sessions).
H
- The APM log is fine. I tried with a VPE logging block, but it does not print anything. Looking around and playing with APM as SP too I found out that the SP is populating those kind of variable and you can access them and log them? The IdP is not doing the same. Moreover, the SAML debug log appears to be broken in every TMOS release but not 11.4.0HF4 which should be the right release to use up to now for stuff related to SAML.
- kj07208_118528
Cirrus
The best option is to use the Reports but another thing that you might need to look is your Idp set to Log Level = debug you'll get more details. Set logging level for IdP > Saml IdP > Edit IdP set log level = Debug For the reports Access Policy > Reports To see the APM use a putty session and run tail -f /var/log/apm
- amolari
Cirrostratus
Trying the same (v12.0) but neither sessiondump nor report shows the session.saml* variables.
IdP object, log level=debug... Access-profile+sso=debug.
Thanks
Alex
- Kevin_Stewart
Employee
An APM IdP doesn't create session.saml variables. Only the SP will do that.
