ltm rule event ACCESS SAML SLO REQ
iRule(1) BIG-IP TMSH Manual iRule(1)
ACCESS_SAML_SLO_REQ
This event is triggered when the SAML single logout request payload is generated for a user session.
DESCRIPTION
This event is triggered when the SAML single logout request payload is generated and before it is signed for a
user session by BIG-IP as service provider or identity provider. Admin can use this event to view and make
modifications to the generated SAML single logout request payload. Admin can use ACCESS::saml slo_req command
to extract and modify SAML single logout request.
Examples
when ACCESS_SAML_SLO_REQ {
# Variable slo_request is set to the SAML single logout request payload generated.
set slo_request [ ACCESS::saml slo_req ]
# The value set in variable slo_request is logged.
log -noname accesscontrol.local1.notice "SLO Request before modification: $slo_request"
# The variable slo_request is copied to variable new_slo_request.
set new_slo_request $slo_request
# regsub is used to insert attribute 'Reason' before 'Version' attribute in new_slo_request.
regsub -all {Version="2.0"} $new_slo_request "Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\"" new_slo_request
# Variable new_slo_request is set as the SAML single logout request to be processed and forwarded.
ACCESS::saml slo_req $new_slo_request
# The value set in variable new_slo_request is logged.
log -noname accesscontrol.local1.notice "SLO Request after modification: $new_slo_request"
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-14.1.0 --First introduced the event.
BIG-IP 2020-06-23 iRule(1)