David_123856
Jul 21, 2014Nimbostratus
Is there a way to manipulate SAMLRequest in an iRule
I have an issue with an SP initiated SAML service where they have multiple Instances, but only provide one Issuer from all of them. In the Redirect request I can determine which instance from the RelayState param, but because the SAMLRequest has the same issuer it only ever matches my first configured SAML idp config.
I was considering deflating the SAML token in an iRule and then changing the issuer based on the relaystate, but can't figure out how to deflate the SAMLRequest URL param.
Anyone know if this is possible?
PS. Already asked about using HTTP Post from the SP and they dont support it. Has to be HTTP Redirect with the Request in the querystring