ltm rule event ACCESS SAML AUTHN

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



ACCESS_SAML_AUTHN
       This event is triggered when the SAML authentication request payload is
       generated for a user session.

DESCRIPTION
       This event is triggered when the SAML authentication request payload is
       generated for a user session, before it is signed by BIG-IP acting as
       service provider. An administrator can use this event to view and
       modify the generated SAML authentication request payload. Use the
       ACCESS::saml authn command to extract and modify the SAML
       authentication request.

EXAMPLES
	when ACCESS_SAML_AUTHN {
		# Variable authn_request is set to SAML authentication request payload generated.
		set authn_request [ ACCESS::saml authn ]
		# The value set in variable authn_request is logged.
		log -noname accesscontrol.local1.notice "AuthN Req before modification: $authn_request"
		# The NameIDPolicy format in authn_request is modified from 'unspecified' to 'emailAddress' and set in variable new_authn_request.
		set new_authn_request [ string map {"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} $authn_request ]
		# Variable new_authn_request is set as the SAML authentication request to be processed and forwarded.
		ACCESS::saml authn $new_authn_request
		# The value set in variable new_authn_request is logged.
		log -noname accesscontrol.local1.notice "AuthN Req after modification: $new_authn_request"
	}
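
A variant of the example above, added here and not part of the original manual page: it rewrites the format only inside the NameIDPolicy element and writes the payload back only when that substitution actually happened, so a request that does not match is passed on unmodified and the fact is logged. It assumes the payload is XML text in which NameIDPolicy carries a double-quoted Format attribute; the pattern and the log messages are constructed for this example.

```tcl
when ACCESS_SAML_AUTHN {
	# Payload generated by BIG-IP as service provider, not yet signed.
	set authn_request [ ACCESS::saml authn ]
	# Assumption: NameIDPolicy carries a double-quoted Format attribute.
	# The pattern anchors the match inside that element, so the same URN
	# appearing elsewhere in the payload is left alone.
	set pattern {(<[^<>]*NameIDPolicy[^<>]*Format=")urn:oasis:names:tc:SAML:1\.1:nameid-format:unspecified(")}
	set replacement {\1urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\2}
	# regsub returns the number of substitutions (0 or 1 without -all)
	# and stores the result in new_authn_request.
	set changed [ regsub $pattern $authn_request $replacement new_authn_request ]
	if { $changed == 1 } {
		# Hand the modified request back for signing and forwarding.
		ACCESS::saml authn $new_authn_request
		log -noname accesscontrol.local1.notice "AuthN Req NameIDPolicy format set to emailAddress"
	} else {
		# Nothing matched: the generated request is used as-is.
		log -noname accesscontrol.local1.notice "AuthN Req left unmodified: NameIDPolicy format 'unspecified' not found"
	}
}
```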

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-14.1.0 --First introduced the event.



BIG-IP				  2019-05-10			      iRule(1)