ACCESS_SAML_SLO_REQ¶
Description¶
This event is triggered when the SAML single logout request payload is
generated and before it is signed for a user session by BIG-IP as
service provider or identity provider. Admin can use this event to
view and make modifications to the generated SAML single logout
request payload. Admin can use ACCESS::saml slo_req command to extract
and modify SAML single logout request.
Examples¶
when ACCESS_SAML_SLO_REQ {
# Variable slo_request is set to the SAML single logout request payload generated.
set slo_request [ ACCESS::saml slo_req ]
# The value set in variable slo_request is logged.
log -noname accesscontrol.local1.notice "SLO Request before modification: $slo_request"
# The variable slo_request is copied to variable new_slo_request.
set new_slo_request $slo_request
# regsub is used to insert attribute 'Reason' before 'Version' attribute in new_slo_request.
regsub -all {Version="2.0"} $new_slo_request "Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\"" new_slo_request
# Variable new_slo_request is set as the SAML single logout request to be processed and forwarded.
ACCESS::saml slo_req $new_slo_request
# The value set in variable new_slo_request is logged.
log -noname accesscontrol.local1.notice "SLO Request after modification: $new_slo_request"
}