Jump to content
Welcome to our new Citrix community!

ADC as SAML IDP need SP Info from Assertion

Joseph Tuttle

Recommended Posts



In the process of implementing ADC for SSO and as a SAML IDP. I have found a situation where when referred to ADC AAA by the SP for authentication, I need to be able to determine the URL that referred the traffic to the AAA. However, no such value seems to exist in most SP POST headers going to /saml/login to determine this. No referrer, etc.


However, I do see plenty of usable information in the actual assertion XML that comes from the SP. Is there any way to grab any of these values from the assertion XML and bring that value into the policy engine for evaluation? 



Link to comment
Share on other sites

6 hours ago, Oriol Agullo1709161375 said:



You can use the atributes of the assertion XML.


For example, if I want use the first attibute, within the SAML Server, I have that add the first oid.





Not sure if we are quite looking at the same thing. I am using ADC as an IDP and lets say... Sharefile as an IDP for an example. User goes to Sharefile site and clicks login and is redirected to our AAA with a XML SAML request in the form of a POST. Something like:




My intent is to grab the the Assertion URL (XXXX.sharefile.com) and use it as part of a rewrite action. Obviously, I can grab a traditional HTTP REQ header or content value and use it in a Responder policy or the like, but the Service Provider HTTP request headers for he request do not contain the identifying information I need. The SAML data does.


Does this make more sense?



Link to comment
Share on other sites

  • 2 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...