Forum Discussion

Nimbostratus

Nov 16, 2020

Solved

Decode SAML Response from IDP Server

Here is the traffic Flow : SP<===========>F5(VS/Pool)<=============>IDP Server(s) In this, SP see F5 as IDP ( F5 is acting as a proxy in front of IDP servers), Using irules, how can I ext...

Dario_Garrido
Nov 18, 2020
Hello Gogreen.

F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.
ACCESS_SAML_AUTHN – authentication request
ACCESS_SAML_ASSERTION – assertion
ACCESS_SAML_SLO_REQ – single logout request
ACCESS_SAML_SLO_RESP – single logout response

In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).

Regards,
Dario.

Dario_Garrido

MVP

Nov 18, 2020

Hello Gogreen.

F5 has native iRules (v14.1+) to manage SAML assertion when it works as SP or IDP.

ACCESS_SAML_AUTHN – authentication request
ACCESS_SAML_ASSERTION – assertion
ACCESS_SAML_SLO_REQ – single logout request
ACCESS_SAML_SLO_RESP – single logout response

In your case (being a proxy) and assuming that your are offloading traffic (SSL Bridging), your only chance is to manage that communication as a regular HTTP connection with headers and payload, where SAML assertion will be located in the payload section (coded in base64).

Regards,

Dario.

Forum Discussion

Decode SAML Response from IDP Server

Recent Discussions

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Related Content

Decoding the IPv4 address from the persistence cookie

custom response page for api

Fully Decode URI

DNS Decoding

FIX Message Response