ACCESS_SAML

Description¶

This event is triggered when the SAML authentication request payload is generated and before it is signed for a user session by BIG-IP as service provider. Admin can use this event to view and make modifications to the generated SAML authentication request payload. Admin can use ACCESS::saml authn command to extract and modify SAML authentication request.

Examples¶

when ACCESS_SAML_AUTHN {
        # Variable authn_request is set to SAML authentication request payload generated.
        set authn_request [ ACCESS::saml authn ]
        # The value set in variable authn_request is logged.
        log -noname accesscontrol.local1.notice "AuthN Req before modification: $authn_request"
        # The NameIDPolicy format in authn_request is modified from 'unspecified' to 'emailAddress' and set in variable new_authn_request.
        set new_authn_request [ string map {"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} $authn_request ]
        # Variable new_authn_request is set as the SAML authentication request to be processed and forwarded.
        ACCESS::saml authn $new_authn_request
        # The value set in variable new_authn_request is logged.
        log -noname accesscontrol.local1.notice "AuthN Req after modification: $new_authn_request"
}

Related Information¶

Available Commands:

Introduced: BIGIP-14.1 (Requires APM module)

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

ACCESS_SAML_AUTHN¶

Description¶

Examples¶

Related Information¶