session awareness saml sp

Question

I have an ASM (v13.0) in front of an application which has a SAML SP role.
I would like to use the session awareness feature but I can't find how. No iRule command to have it set in an iRule apparently (I could parse the assertion). 
Thank you for any tips&nbsp;
Alex&nbsp;

boneyard · Answer

do you mean this session awareness feature:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/15.html&nbsp;

amolari · Answer

yes&nbsp;

boneyard · Answer

i kinda wonder if that will work. from what i recall on session awareness is that ASM has to detect the login process, create a login page configuration for that. with a SP it will redirect to the IdP for the login process. the ASM might see the SAML assertion but not actual login.&nbsp;
my experience with that functionality is limit and the few times i tried the pages weren't create in just the right way for ASM to detect the login.&nbsp;

stanislas_piro2 · Answer

you can try following steps :&nbsp;

In HTTP_REQUEST, on SAML URL
parse the assertion to extract username (if existing)Add HTTP header Authorization with username and a fake password 
In ASM, create a login URL with Basic authentication
In HTTP_REQUEST_RELEASE
remove HTTP header Authorization

let us know if it works!&nbsp;

Forum Discussion

session awareness saml sp

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Happy Cybersecurity Awareness Month!

Identity-Aware decisions with JA4+

Cybersecurity Awareness Month, Pokémon and Oracle's CPU

Zero Trust Access with F5 Identity Aware Proxy and Crowdstrike Falcon

Identity-Aware Proxy in the Public Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS