F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

gazZa23_174748's avatar
gazZa23_174748
Icon for Nimbostratus rankNimbostratus
Oct 21, 2014

SSO Credential Mapping

Hi there

 

I would like some help to pre-populate the username field within the Browser Logon Page of my access policy.

 

At the moment the flow is SAML Auth > SSO Credential Mapping > Browser Logon Page

 

SAML Auth Authentication action is working (the F5 is setup as a Service Provider) and the variable I would like to assign is the subject name within the assertion.

 

I added an SSO Credential Mapping where the SSO Token Username is Custom mcget {session.saml.last.identity}

 

Within the Browser Logon Page, the first field is Type = Text, Post Variable Name = username, Session Variable Name = username, Read Only = Yes

 

No matter what I try I can't seem to prepopulate the username. I've tried setting the session variable name to session.logon.last.username or session.saml.last.identity but it won't let me commit the change. I get a Error saying that the value session.logon.last.username is invalid

 

I would appreciate anyones help

 

Thanks very much

 

Best Regards

 

Gary

 

BIG-IP Access Policy Manager (APM)
deployment
devops
iApps
saml
security

1 Reply

  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Historic F5 Account
    Oct 21, 2014

    I believe the syntax to grab a session variable is expr {"[mcget {session.variable}]"}, might be the syntax being used is incorrect. A visual way to see the session value during logon is by creating a message box in your VPE with %{session.variable} as the message. The variable value will be returned as a message during logon (nothing is returned if session variable is blank).