12-Mar-2023 15:23
Hi,
iRule to decode SAML requests?
Is there an iRule out there, that would decode SAML requests? from the http requests that is.
Thanks,
28-Mar-2023 08:22 - edited 28-Mar-2023 08:25
Hi @Poseidon1974 - tagging my colleague @JRahm and MVP @Kai_Wilke because they are two experts in iRules and may be able to help out. Edit: and my colleague @Lucas_Thompson since you mentioned SAML.
30-Mar-2023 00:29
Hi,
Thanks for your feedback ;
28-Mar-2023 08:38
Fun question. A SAML request is typically URL encoded in redirect-binding and not encoded at all in POST-binding. This post describes how to decode something that's URL encoded:
https://community.f5.com/t5/codeshare/fully-decode-uri/ta-p/277666
For POST-binding it's in the HTTP body, so you'd need to collect the content using SSL::collect.
Keep in mind that when writing security related code it's easy to accidentally introduce vulnerabilities, so try to think about the service you're implementing like a security researcher / attacker.
As an alternative, the APM module for BIG-IP already has SAML support, so you can also just use the bulit-in functions that have already been well validated for security.
30-Mar-2023 00:29
Hi,
Thanks for your feedback,