so my working irule looks like this:
when ACCESS_POLICY_COMPLETED {
if { [ACCESS::session data get session.server.landinguri] starts_with "/saml/idp/profile/redirectorpost/sso" } {
log local0. "SP initiated SAML detected, not sending redirect"
}
if { [ACCESS::session data get session.server.landinguri] starts_with "/SAMLURL" } {
log local0. [ACCESS::session data get session.assigned.resources.saml]
ACCESS::respond 302 Location "https://sso.example.com/saml/idp/res?id=/Common/SAML_Resource"
log local0. "IDP initiated SAML detected, sending redirect"
} else {
log local0. "Nothing Matched land on portal"
}}
looks like yours handle the 302 redirect but not the SP-initiated. do i need to add those lines to both httprequest and accesspolicy completed sections?