ltm rule event ACCESS_SAML_ASSERTION
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS_SAML_ASSERTION
This event is triggered when the SAML assertion payload is generated for a user session.
DESCRIPTION
This event is triggered after BIG-IP, acting as the SAML identity provider, has generated the SAML assertion
payload for a user session and before it signs that payload. An administrator can use this event to inspect
the generated assertion and to modify it before signing. The ACCESS::saml assertion command returns the
current assertion payload when called without an argument and replaces it when called with a new payload.
Examples
when ACCESS_SAML_ASSERTION {
    # Variable assertion is set to the generated SAML assertion payload.
    set assertion [ ACCESS::saml assertion ]
    # The value set in variable assertion is logged.
    log -noname accesscontrol.local1.notice "Assertion before modification: $assertion"
    # The AuthnContextClassRef in the assertion is changed from 'unspecified' to
    # 'PasswordProtectedTransport' and the result is stored in variable new_assertion.
    set new_assertion [ string map {"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified" "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"} $assertion ]
    # Variable new_assertion is set as the SAML assertion to be signed and forwarded.
    ACCESS::saml assertion $new_assertion
    # The value set in variable new_assertion is logged.
    log -noname accesscontrol.local1.notice "Assertion after modification: $new_assertion"
}
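The manual's example rewrites AuthnContextClassRef unconditionally. A service provider relies on that value to decide how strongly the user was authenticated, so an iRule that advertises PasswordProtectedTransport should only do so when the session actually earned it. The following iRule is an added example, not F5's own code: it gates the rewrite on a session variable and logs only a fingerprint of the payload instead of the full assertion, which carries user attributes. The variable session.custom.mfa_passed is assumed to be set to 1 by the access policy after a second-factor check succeeds; session.logon.last.username is the standard APM logon variable and is assumed to be populated in this IdP flow. ACCESS::saml assertion is the command documented on this page; ACCESS::session data get is the standard APM session-variable accessor.

```tcl
when ACCESS_SAML_ASSERTION {
    # Capture the unsigned assertion payload (same command as the manual's example).
    set assertion [ACCESS::saml assertion]

    # Assumed: the access policy populates these two session variables.
    set user [ACCESS::session data get "session.logon.last.username"]
    set mfa  [ACCESS::session data get "session.custom.mfa_passed"]

    # Log a length fingerprint rather than the assertion itself; the payload contains
    # user attributes, and the length is enough to spot an empty or oversized assertion.
    log -noname accesscontrol.local1.notice "ACCESS_SAML_ASSERTION user=$user length=[string length $assertion] mfa=$mfa"

    set unspecified "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"
    set strong      "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

    # Only claim the stronger authentication context when the session passed the
    # second factor and the assertion really carries the 'unspecified' class.
    if { $mfa eq "1" && [string first $unspecified $assertion] >= 0 } {
        set new_assertion [string map [list $unspecified $strong] $assertion]
        # Replace the payload; BIG-IP signs the replaced payload after this event.
        ACCESS::saml assertion $new_assertion
        log -noname accesscontrol.local1.notice "AuthnContextClassRef upgraded for user=$user"
    } else {
        # Leave the generated assertion untouched and record why.
        log -noname accesscontrol.local1.notice "Assertion left unchanged for user=$user (mfa=$mfa)"
    }
}
```

Because the rewrite happens before signing, the service provider cannot distinguish a rewritten AuthnContextClassRef from one the IdP produced natively; tying the rewrite to a session variable that the policy sets only after the corresponding check keeps the signed claim truthful.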
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-14.1.0 --First introduced the event.
BIG-IP 2020-06-23 iRule(1)