Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

iRule to decode SAML requests

Poseidon1974
Altocumulus
Altocumulus

Hi,

iRule to decode SAML requests?

Is there an iRule out there, that would decode SAML requests? from the http requests that is.

Thanks,

 

4 REPLIES 4

Leslie_Hubertus
Community Manager
Community Manager

Hi @Poseidon1974 - tagging my colleague @JRahm and MVP @Kai_Wilke because they are two experts in iRules and may be able to help out. Edit: and my colleague @Lucas_Thompson since you mentioned SAML.

Hi,

Thanks for your feedback ;

Lucas_Thompson
F5 Employee
F5 Employee

Fun question. A SAML request is typically URL encoded in redirect-binding and not encoded at all in POST-binding. This post describes how to decode something that's URL encoded:

https://community.f5.com/t5/codeshare/fully-decode-uri/ta-p/277666

For POST-binding it's in the HTTP body, so you'd need to collect the content using SSL::collect.

Keep in mind that when writing security related code it's easy to accidentally introduce vulnerabilities, so try to think about the service you're implementing like a security researcher / attacker.

As an alternative, the APM module for BIG-IP already has SAML support, so you can also just use the bulit-in functions that have already been well validated for security.

Hi,

Thanks for your feedback,