Forum Discussion

ELMELH's avatar
ELMELH
Icon for Nimbostratus rankNimbostratus
Apr 07, 2022

read SAML attributes

Hi  All,

In an iRule  we extract an attribute from an SAML.  if the the value of the attribute is a simple string we can get the value; but if the value is a complexe element we get the concatenation of all  values of the inside elements without the elment names.

For example:

if the value of the attribute is:

<saml2:Attribute Name="urn:be:fgov:ehealth:1.0:campus:site-number:campus:address" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xsi:type="xsd:anyType" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<aa:Address Type="contact" xmlns:aa="urn:be:fgov:ehealth:aa:complextype:v1">
<aa:Street>
<aa:Description xml:lang="fr">Rue de bois</aa:Description>
</aa:Street>
<aa:HouseNumber>20</aa:HouseNumber>
<aa:Municipality>
<aa:ZipCode>9000</aa:ZipCode>
<aa:NSICode>44021</aa:NSICode>
<aa:Description xml:lang="fr">Gand</aa:Description>
<aa:Description xml:lang="nl">Gent</aa:Description>
<aa:Description xml:lang="de">Gent</aa:Description>
</aa:Municipality>
<aa:Country>
<aa:NSICode>150</aa:NSICode>
<aa:Description xml:lang="fr">Belgique</aa:Description>
<aa:Description xml:lang="nl">België</aa:Description>
<aa:Description xml:lang="de">Belgien</aa:Description>
</aa:Country>
</aa:Address>
</saml2:AttributeValue>
</saml2:Attribute> 

Then 

set address [ACCESS::session data get "session.saml.last.attr.name.urn:be:fgov:ehealth:1.0:campus:site-number:campus:address"]

 

will give the following value:

Rue de bois20900044021GandGentGent150BelgiqueBelgiëBelgien

Could you please advise on this?

Thanks

 

1 Reply

  • HI ELMELH 

    As I understood you are using APM as SAML SP , right ?

    Can you see what are the saml session variables APM Got ? 

    If APM got these values formatted in different session variables, it will be better to use them instead.

    Otherwise, if APM does not correctly get all variales I advise to use iRules LX to convert XML attribute  to a string.

    Regards