ltm rule event ACCESS SAML ASSERTION

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



ACCESS_SAML_ASSERTION
       This event is triggered when the SAML assertion payload is generated
       for a user session.

DESCRIPTION
       This event is triggered after the SAML assertion payload is generated
       and before it is signed for a user session by BIG-IP acting as the
       identity provider. An administrator can use this event to view and
       modify the generated SAML assertion payload. The ACCESS::saml
       assertion command extracts the assertion and, when given a value,
       replaces it.

Examples
	when ACCESS_SAML_ASSERTION {
		# Variable assertion is set to the SAML assertion payload generated.
		set assertion [ ACCESS::saml assertion ]
		# The value set in variable assertion is logged.
		log -noname accesscontrol.local1.notice "Assertion before modification: $assertion"
		# The AuthnContextClassRef in assertion is modified from 'unspecified' to 'PasswordProtectedTransport' and set in variable new_assertion.
		set new_assertion [ string map {"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"} $assertion ]
		# Variable new_assertion is set as the SAML assertion to be processed and forwarded.
		ACCESS::saml assertion $new_assertion
		# The value set in variable new_assertion is logged.
		log -noname accesscontrol.local1.notice "Assertion after modification: $new_assertion"
	}
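
A narrower variant of the example above, added here and not part of the F5 manual: it rewrites the class reference only where it is the text of an AuthnContextClassRef element, writes the assertion back only when something changed, and logs a count and length rather than the payload, since the assertion carries the subject's NameID and attribute values. It assumes the assertion serializes the reference as element text; the variable names and log wording are illustrative.

```tcl
when ACCESS_SAML_ASSERTION {
    # Added example. Only the event and "ACCESS::saml assertion" come from
    # this page; everything else is core Tcl and illustrative naming.
    set new_ref "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

    # Match the 'unspecified' URN only as the content of an
    # AuthnContextClassRef element (with or without a namespace prefix),
    # so the same string elsewhere in the assertion is left untouched.
    set pattern {(<(?:[A-Za-z0-9_.-]+:)?AuthnContextClassRef(?:\s[^>]*)?>)\s*urn:oasis:names:tc:SAML:2\.0:ac:classes:unspecified\s*(</)}

    set assertion [ACCESS::saml assertion]

    # \1 and \2 re-emit the opening tag and the start of the closing tag.
    set count [regsub -all -- $pattern $assertion "\\1${new_ref}\\2" new_assertion]

    if { $count > 0 } {
        # Replace the payload before BIG-IP signs it.
        ACCESS::saml assertion $new_assertion
        log -noname accesscontrol.local1.notice "AuthnContextClassRef rewritten ($count match): [string length $assertion] -> [string length $new_assertion] chars"
    } else {
        # Nothing matched: leave the generated assertion as it is.
        log -noname accesscontrol.local1.notice "AuthnContextClassRef not rewritten: no 'unspecified' class reference found"
    }
}
```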

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-14.1.0 --First introduced the event.



BIG-IP				  2019-05-10			      iRule(1)