session awareness saml sp

Question

I have an ASM (v13.0) in front of an application which has a SAML SP role.
I would like to use the session awareness feature but I can't find how. No iRule command to have it set in an iRule apparently (I could parse the assertion). 
Thank you for any tips&nbsp;
Alex&nbsp;

boneyard · Answer

do you mean this session awareness feature:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/15.html&nbsp;

amolari · Answer

yes&nbsp;

boneyard · Answer

i kinda wonder if that will work. from what i recall on session awareness is that ASM has to detect the login process, create a login page configuration for that. with a SP it will redirect to the IdP for the login process. the ASM might see the SAML assertion but not actual login.&nbsp;
my experience with that functionality is limit and the few times i tried the pages weren't create in just the right way for ASM to detect the login.&nbsp;

stanislas_piro2 · Answer

you can try following steps :&nbsp;

In HTTP_REQUEST, on SAML URL
parse the assertion to extract username (if existing)Add HTTP header Authorization with username and a fake password 
In ASM, create a login URL with Basic authentication
In HTTP_REQUEST_RELEASE
remove HTTP header Authorization

let us know if it works!&nbsp;

Forum Discussion

session awareness saml sp

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Happy Cybersecurity Awareness Month!

F5 QSN, Cybersecurity Awareness Month - October 1st-7th, 2023 - F5 SIRT - This Week in Security

Zero Trust - Making use of a Powerful Identity Aware Proxy (Hands on lab)

Zero Trust Access with F5 Identity Aware Proxy and Crowdstrike Falcon

Identity-Aware Proxy in the Public Cloud