Pass variable through policy using iRule
We are setting up a relatively standard f5 deployment using SAML for SSO. Aside from a standard username/password logon, there are situations where users may click a link that points directly to a piece of content within the target resource. These users may not have a session started at the f5, but they should be prompted for credentials then fwd to the requested resource. Before SAML is applied to the policy (apparently this cannot be done without using a webtop), this works fine but as soon as SAML is applied, the original requested URL is lost since SAML is setup to fwd to a specific path to validate the assertion from the IdP. What we need is to pass a variable through the login process that contains the ID of the content, so:
https://example.com/consume.aspx?contentid=1234 gets truncated when /my.policy is applied at the login screen but needs to be preserved and passed through to the SP.
The contentid value will change, so how can the original URL be preserved, parsed and the contentid be included as a SAML attribute?