For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

event

454 Topics

tcl logic in SAML Attribute value field possible?
Hi. We're running BigIP as a SAML IDP. Can I somehow issue tcl logic in a SAML attributes? I'm talking about the Access ›› Federation : SAML Identity Provider : Local IdP Services, editing an object, under SAML Attributes. Based on what's in the memberOf attribute, I need to issue as a value either empty string or "SpecificValue". I am familiar with the %{session.variable} construct, but I don't want to clutter the session with more variables if I can avoid it, as that impacts all sessions using our IDP (30 or so federated services on the same VIP and AP). I tried these two approches: %{ set result {} ; if { [mcget {session.ad.last.attr.memberOf}] contains {| CN=SpecificGroup,OU=Resource groups,OU=Groups,DC=Domain,DC=com |}} { set result {SpecificValue} } ; return $result } expr { set result {} ; if { [mcget {session.ad.last.attr.memberOf}] contains {| CN=SpecificGroup,OU=Resource groups,OU=Groups,DC=Domain,DC=com |}} { set result {SpecificValue} } ; return $result } Expected result: An issued claim with the value "" or "SpecificValue" Actual result: An issued claim with the above code as the value As I mentioned, we've set it up using one VIP that is hosting 30 or so services. We're running 16.1.3.1. They are using the same SSO configuration and there's an iRule triggerd at ACCESS_POLICY_AGENT_EVENT, which does some magic to extract issuer and suchlike, and that helps to make decisions later in the Access Policy. It also populates a few session variables under the session.custom namespace for use in the Access Policy. Additional session variables are being populated in the Access Policy, such as resolved manager and their email address. I have looked briefly at the ASSERT::saml functions, but even if it would be possible to manipulate that way, I wish to keep this set up as stream lined as possible and with as few new "special cases" in an iRule. So while I appreciate pointers along that route as well, I would first of all like to know if there is a way to do it natively in the SAML attribute value field. And if there are any options I have not yet explored here?
Samuel_Rydén
Oct 24, 2025 Place Technical Forum
1.1KViews
0likes
6Comments
Kostas Injeyan - October 2025 Featured Member
Welcome to our Featured Members Series. This month we are spotlighting Kostas Injeyan, who has been an amazing contributor to the DevCentral Community.
Melissa_C
Oct 14, 2025 Place DevCentral News
312Views
11likes
4Comments
F5 AppWorld 2026 Registration - early bird pricing.
Join us March 10–12 at Fontainebleau Las Vegas and Meet the Moment at F5 AppWorld 2026. Connect with your community and explore how the F5 Application Delivery and Security Platform gives you control without compromise. Over three days you will experience inspiring keynotes, learn new approaches in breakouts, deepen your skills in hands-on labs, and connect with peers, F5 leaders, and partners. Register early and save: Conference pass: $499 Conference pass + F5 Academy labs: $899 Team pass: 4 for the price of 3 Take advantage of early bird pricing and register today! We look forward to seeing you in Vegas. Your DevCentral Team. --- ** Early bird pricing expires Feb 13, 2026.
LiefZimmerman
Oct 13, 2025 Place DevCentral News
312Views
4likes
3Comments
ASM subsystem error
Hello, I have an application log says: Sep 16 18:32:29 MY-F5 crit g_server_rpc_handler.pl[5494]: 01310027:2: ASM subsystem error (asm_config_server.pl,(eval)): Couldn't pass call to async process - ignoring - I need to know what it means and how to troubleshoot.
AxisPay
Sep 24, 2025 Place Technical Forum
80Views
0likes
2Comments
How are memory and disk allocated to different modules on bigip appliance?
hi, when doing "Resource Provisioning", the memory and disk space are auto allocated to LTM and ASM are shown as below. The amount of Memory and disk is minimum requirement, right? When a huge number of virtual server will be created later, will appliance auto allocate more spare memory and disk to the module? And what is he management module responsible for? Is it responsible for packet forwarding? should we set "Provisioning" to "Medium" or "Large" if the throughput is larger than 1Gbps? Can someone please advise? thanks in advance!
Herman2024
Sep 18, 2025 Place Technical Forum
440Views
0likes
8Comments
Ask an F5er- AMA with guest Shaun Gouws
I’m excited to announce that we will be hosting AMA (Ask me Anything) style events, giving you the opportunity to ask F5ers your questions. For our first official 'Ask an F5er' event, we are thrilled to welcome Shaun Gouws. Date: September 17th, 2025 Time: 10:00AM-12:00PM PDT Guest: Shaun Gouws, Service Delivery Manager, F5 Here is a little about Shaun in his own words to help you learn a bit about him and get your questions ready! "I’m Shaun Gouws, an IT professional dedicated to helping businesses thrive by improving efficiency, scalability, and innovation through technology. With years of experience in IT operations, cloud infrastructure, and solutions design, I specialize in aligning technology with business goals to deliver results. I’ve been with F5 since 2007 (with a little break as I moved countries) and worked across the IT Helpdesk Engineer, Network Support Engineer, Solutions Engineer and now I found myself in the Service Delivery Manager role. I’m passionate about identifying opportunities to optimize processes, solve complex challenges, and build systems that drive growth and adaptability in today’s fast-paced world. Let’s connect to share ideas, collaborate, and explore solutions that make an impact." The comment section will be open here on September 17th from 10:00AM to 12:00PM PDT. So get your questions ready, we hope to see you in the comments. AMA Guidelines Keep questions professional Keep questions brief and to the point No self-promotion No Outside links This is not intended as a personal troubleshooting session. Please keep questions to a broad audience No questions about the future product planning Avoid Repetition- If your question has been asked by another community member please avoid asking a second time. Avoid overly personal questions Remain open-minded- This is an opportunity for open dialogue, not for seeking a definitive answer to every question Please be patient as questions get answered
Melissa_C
Sep 17, 2025 Place Events
370Views
3likes
19Comments
Problems connecting to vpn after upgrading to ubuntu 24.04
good afternoon, I have upgraded ubuntu to 24.04 and since then I can no longer connect correctly to the vpn with the f5 client. In the client it appears that I am connected to the vpn, but then I do not reach any of the sites and servers that with the 22.04 version if it arrived. Can you help me.
bizkaipc
Sep 09, 2025 Place Technical Forum
8.4KViews
2likes
9Comments
Is it possible to create a Single Pool with multiple ports ?
Am getting this error when i try to create a Pool with Any service ports 01070622:3: The monitor /Common/tcp has a wildcard destination service and cannot be associated with a node that has a zero service is there anyway we can create single pool which supports multiple ports ? we have the requirements for using more that 50 ports , and in the VIP config we can create a single vip with add the required ports from port list. How we can accomplish this Or creating a multiple pools and VIP's with different ports is the only option . Any help would be appreciated .Thanks in advance
mpalaves
Sep 03, 2025 Place Technical Forum
147Views
0likes
8Comments
Lab: Have a Slice of AI from a Raspberry Pi
So nice we had to do it twice! Have a Slice of AI from a Raspberry Pi Services such as ChatGPT have made accessing Generative AI as simple as visiting a web page. Whether at work or at home, there are advantages to channeling your user base (or family in the case of at home) through a central point where you can apply safeguards to their usage. In this virtual lab, you will learn how to: Deliver centralized AI access through a Raspberry Pi Create an AI Agent for use in labs and personal life Learn basic methods for safeguarding AI Learn how users might circumvent essential safeguards Learn how to deploy additional services from F5 to enforce broader enterprise policies This lab takes place in an F5 virtual lab environment. Register Here. Bonus: Complete the lab and a follow-up call with F5, and you’ll receive a Raspberry Pi to build and test your own solution.* *Limited stock and available only in the US and Canada. Raspberry Pi is exclusive to lab participants who complete the experience and join a follow-up call.
slopatin
Sep 02, 2025 Place Events
199Views
1like
0Comments
Just Announced! Attend a lab and receive a Raspberry Pi
Have a Slice of AI from a Raspberry Pi Services such as ChatGPT have made accessing Generative AI as simple as visiting a web page. Whether at work or at home, there are advantages to channeling your user base (or family in the case of at home) through a central point where you can apply safeguards to their usage. In this lab, you will learn how to: Deliver centralized AI access through something as basic as a Raspberry Pi Learn basic methods for safeguarding AI Learn how users might circumvent basic safeguards Learn how to deploy additional services from F5 to enforce broader enterprise policies Register Here This lab takes place in an F5 virtual lab environment. Participants who complete the lab will receive a Raspberry Pi* to build the solution in their own environment. *Limited stock. Raspberry Pi is exclusive to this lab. To qualify, complete the lab and join a follow-up call with F5.
slopatin
Aug 27, 2025 Place DevCentral News
944Views
7likes
2Comments