APM SAML IdP - SP Issuer Extraction

Problem this snippet solves: APM doesn't expose any detail about the SAML SP Issuer when authentication requests hitting APM as an IdP during an SP initiated SAMLRequest. This iRule when applied to...
Published Apr 06, 2016
Version 1.0
BIG-IP Access Policy Manager (APM)
devops
idp
iRules
saml
Kris__109062's avatar
Kris__109062
Icon for Nimbostratus rankNimbostratus
Sep 18, 2018

you can't deflate in an irule (that I know of)

 

You need to urldecode, deflate & base64decode when the SAML SP uses Redirect Binding

 

I used this to get started and then found out I needed deflate.

 

set get_payload_data [b64decode [URI::decode [URI::query [HTTP::uri] SAMLRequest]]]

 

Also, I needed to update the original irule here because some SP's Auth request looked like this..

 

saml2:issuer

 

.. which didn't match so I changed to..

 

set SAML_Issuer_loc [string first ":issuer" [string tolower $SAMLdata]]