Forum Discussion

Nimbostratus

Oct 10, 2017

Update SAML attributes

Hello, I would like to know if it's possible to update a SAML attribute on an existing session when the F5 is used as IdP. Here is the scenario: 1 - User ask to login in SP-A. 2 -...

application delivery

BIG-IP Access Policy Manager (APM)

saml

security

Abdessamad1

Cirrostratus

Oct 10, 2017

I can already update the session variable via an iRule, that's no the problem.

The thing is that the saml attribute is somehow fixed the first time it is set (even if it's configured to use the session variable).

Here is an extract of my irule:

when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/saml/idp/profile/redirectorpost/sso" }{
        if { [HTTP::cookie exists MRHSession] and [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] } {
            set oauthResp [call oauthCall]
            ACCESS::session data set session.oauth.access_token [call key2value $oauthResp access_token]
        }
    }
}

But the F5 is using the same attribute values it got the first time, the variable update is no taken into account

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)