ltm rule event ACCESS SAML SLO REQΒΆ

iRule(1)					  BIG-IP TMSH Manual					     iRule(1)

ACCESS_SAML_SLO_REQ
       This event is triggered when the SAML single logout request payload is generated for a user session.

DESCRIPTION
       This event is triggered when the SAML single logout request payload is generated and before it is signed for a
       user session by BIG-IP as service provider or identity provider. Admin can use this event to view and make
       modifications to the generated SAML single logout request payload. Admin can use ACCESS::saml slo_req command
       to extract and modify SAML single logout request.

Examples
	when ACCESS_SAML_SLO_REQ {
		# Variable slo_request is set to the SAML single logout request payload generated.
		set slo_request [ ACCESS::saml slo_req ]
		# The value set in variable slo_request is logged.
		log -noname accesscontrol.local1.notice "SLO Request before modification: $slo_request"
		# The variable slo_request is copied to variable new_slo_request.
		set new_slo_request $slo_request
		# regsub is used to insert attribute 'Reason' before 'Version' attribute in new_slo_request.
		regsub -all {Version="2.0"} $new_slo_request "Reason=\"urn:oasis:names:tc:SAML:2.0:logout:user\" Version=\"2.0\"" new_slo_request
		# Variable new_slo_request is set as the SAML single logout request to be processed and forwarded.
		ACCESS::saml slo_req $new_slo_request
		# The value set in variable new_slo_request is logged.
		log -noname accesscontrol.local1.notice "SLO Request after modification: $new_slo_request"
	}

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-14.1.0 --First introduced the event.

BIG-IP						      2020-06-23					     iRule(1)