18-Feb-2021 14:33
We are using the following iRule to include SamAccountName header:
when ACCESS_ACL_ALLOWED {
#Add Username as a Session Variable to be called below
if { [ACCESS::session data get session.saml.last.result] == 1 } {
set name [ACCESS::session data get "session.saml.last.attr.name.SamAccountName"]
HTTP::header insert SamAccountName "$name"
HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]
}
Application owners have discovered the SamAccountName can be modified in the header and the user logging in will be different.
We are looking for a solution to write an iRule that would strip out the initial SamAccountName header information and replace it.
27-Feb-2021 02:43
that would be HTTP::header replace or first HTTP::header delete and then HTTP::insert to make sure you don't have double ones.
