Joseph Tuttle
Posted September 16, 2021

Hi,

In the process of implementing ADC for SSO and as a SAML IDP, I have found a situation where, when referred to ADC AAA by the SP for authentication, I need to be able to determine the URL that referred the traffic to the AAA. However, no such value seems to exist in most SP POST headers going to /saml/login to determine this. No referrer, etc. However, I do see plenty of usable information in the actual assertion XML that comes from the SP. Is there any way to grab any of these values from the assertion XML and bring that value into the policy engine for evaluation?

Thanks!

Oriol Agullo1709161375
Posted September 17, 2021

Hi,

You can use the attributes of the assertion XML. For example, if I want to use the first attribute, within the SAML Server, I have to add the first OID.

Joseph Tuttle (Author)
Posted September 17, 2021

6 hours ago, Oriol Agullo1709161375 said:

> Hi, You can use the attributes of the assertion XML. For example, if I want to use the first attribute, within the SAML Server, I have to add the first OID.

Not sure if we are quite looking at the same thing. I am using ADC as an IDP and let's say... Sharefile as an IDP for an example. User goes to Sharefile site and clicks login and is redirected to our AAA with an XML SAML request in the form of a POST. Something like:

My intent is to grab the Assertion URL (XXXX.sharefile.com) and use it as part of a rewrite action. Obviously, I can grab a traditional HTTP REQ header or content value and use it in a Responder policy or the like, but the Service Provider HTTP request headers for the request do not contain the identifying information I need. The SAML data does. Does this make more sense?
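
For readers following the thread, an added example (not part of any post above and not ADC configuration): a Python sketch of where the SP-identifying values sit inside an HTTP-POST binding `SAMLRequest`, and why the extracted URL is checked against registered SPs before it drives any decision. The sample request, the host `tenant.sp.example` and the allowlist are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample AuthnRequest; every name in it is a placeholder.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_example1" Version="2.0" IssueInstant="2021-09-17T12:00:00Z" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://tenant.sp.example/saml/acs">'
    '<saml:Issuer>https://tenant.sp.example/saml/info</saml:Issuer>'
    '</samlp:AuthnRequest>'
)
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()
# Assumption: hosts of the SPs registered on the IdP.
ALLOWED_ACS_HOSTS = {"tenant.sp.example"}


def parse_authn_request(saml_request_b64):
    """Decode a POST-binding SAMLRequest (plain base64, no DEFLATE)."""
    xml_bytes = base64.b64decode(saml_request_b64, validate=True)
    # An AuthnRequest never needs a DTD; reject it before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAMLRequest")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find(f"{{{SAML}}}Issuer")
    has_issuer = issuer is not None and issuer.text
    return {
        "issuer": issuer.text.strip() if has_issuer else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }


def acs_host_if_registered(fields):
    """Return the ACS host only if it is https and on the allowlist."""
    acs = fields.get("acs_url")
    if not acs:
        return None
    parsed = urlparse(acs)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_ACS_HOSTS:
        return None
    return parsed.hostname
```

Unless the SP signs the request and the IdP verifies that signature, both `Issuer` and `AssertionConsumerServiceURL` are client-supplied values, which is why the host is matched against a fixed set rather than used directly.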

Joseph Tuttle (Author)
Posted October 31, 2023

Solved by Ross Bender: https://discussions.citrix.com/topic/412142-determine-nfactor-flow-based-on-saml-idp-profile/