ltm rule event ACCESS SAML ASSERTION

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

ACCESS_SAML_ASSERTION
       This event is triggered when the SAML assertion payload is generated for a user session.

DESCRIPTION
       This event is triggered after the SAML assertion payload is generated for a user session and before
       BIG-IP, acting as identity provider, signs it. An administrator can use this event to view and modify
       the generated SAML assertion payload, using the ACCESS::saml assertion command to extract and modify
       the assertion.

EXAMPLES
	when ACCESS_SAML_ASSERTION {
		# Variable assertion is set to the SAML assertion payload generated.
		set assertion [ ACCESS::saml assertion ]
		# The value set in variable assertion is logged.
		log -noname accesscontrol.local1.notice "Assertion before modification: $assertion"
		# The AuthnContextClassRef in assertion is modified from 'unspecified' to 'PasswordProtectedTransport' and set in variable new_assertion.
		set new_assertion [ string map {"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"} $assertion ]
		# Variable new_assertion is set as the SAML assertion to be processed and forwarded.
		ACCESS::saml assertion $new_assertion
		# The value set in variable new_assertion is logged.
		log -noname accesscontrol.local1.notice "Assertion after modification: $new_assertion"
	}
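
       A narrower variant of the rule above, as an added example that is not part of the F5 manual: it rewrites
       the value only inside the AuthnContextClassRef element, applies the change only when exactly one match is
       found, and logs the outcome instead of the assertion body, which carries the subject and any attribute
       statements. It assumes the element is written with an optional namespace prefix and no attributes.

```tcl
when ACCESS_SAML_ASSERTION {
    # Added example. Assumption: the generated XML writes the element as
    # <AuthnContextClassRef> or <prefix:AuthnContextClassRef> with no attributes.
    set new_ref "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

    # Assertion payload generated by BIG-IP, not yet signed.
    set assertion [ACCESS::saml assertion]

    # Match the 'unspecified' class only as the content of AuthnContextClassRef,
    # so the same URN appearing anywhere else in the assertion is left alone.
    set pattern {(<(?:[A-Za-z0-9_.-]+:)?AuthnContextClassRef>)\s*urn:oasis:names:tc:SAML:2\.0:ac:classes:unspecified\s*(</)}

    # regsub returns the number of substitutions and stores the result in new_assertion.
    set count [regsub -all -- $pattern $assertion "\\1${new_ref}\\2" new_assertion]

    if { $count == 1 } {
        # Exactly one element was rewritten: hand the modified payload back for signing.
        ACCESS::saml assertion $new_assertion
        log -noname accesscontrol.local1.notice "SAML assertion: AuthnContextClassRef set to $new_ref"
    } else {
        # Zero or several matches: leave the generated assertion untouched and record why.
        log -noname accesscontrol.local1.notice "SAML assertion: expected 1 AuthnContextClassRef match, found $count; assertion left unchanged"
    }
}
```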

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-14.1.0 --First introduced the event.

BIG-IP						      2020-06-23					     iRule(1)