For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

amolari_4313's avatar
amolari_4313
Icon for Nimbostratus rankNimbostratus
Nov 27, 2017

session awareness saml sp

I have an ASM (v13.0) in front of an application which has a SAML SP role. I would like to use the session awareness feature but I can't find how. No iRule command to have it set in an iRule apparent...
ASM Advanced WAF
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Nov 29, 2017

you can try following steps :

 

  1. In HTTP_REQUEST, on SAML URL
    • parse the assertion to extract username (if existing)
    • Add HTTP header Authorization with username and a fake password
  2. In ASM, create a login URL with Basic authentication
  3. In HTTP_REQUEST_RELEASE
    • remove HTTP header Authorization

let us know if it works!