Forum Discussion
GeoffG
Dec 03, 2019
Hi and thanks, mate.
I have worked it out with a combination of what you provided and my own stuff.
Likely this isn't the best way to do it, but it works at least. 😉
Thanks for your help though. Much appreciated.
when RULE_INIT {
    # Set debug to 1 to log the SAML session values via local0.
    set static::debug 0
    set static::first_http 1
}
when ACCESS_ACL_ALLOWED {
    # Copy the SAML identity and attributes from the APM session into request
    # headers. Any copy the client sent is removed first, so the back end only
    # sees values taken from the session.
    set oktaUser [ACCESS::session data get "session.saml.last.identity"]
    if { $static::debug } { log local0. "id is $oktaUser" }
    HTTP::header remove "OKTA_USER"
    HTTP::header insert "OKTA_USER" $oktaUser

    set oktaFirstName [ACCESS::session data get "session.saml.last.attr.name.FirstName"]
    if { $static::debug } { log local0. "first name is $oktaFirstName" }
    HTTP::header remove "OKTA_FIRSTNAME"
    HTTP::header insert "OKTA_FIRSTNAME" $oktaFirstName

    set oktaLastName [ACCESS::session data get "session.saml.last.attr.name.LastName"]
    if { $static::debug } { log local0. "last name is $oktaLastName" }
    HTTP::header remove "OKTA_LASTNAME"
    HTTP::header insert "OKTA_LASTNAME" $oktaLastName

    set oktaEmail [ACCESS::session data get "session.saml.last.attr.name.Email"]
    if { $static::debug } { log local0. "email is $oktaEmail" }
    HTTP::header remove "OKTA_EMAIL"
    HTTP::header insert "OKTA_EMAIL" $oktaEmail

    if { $static::first_http } {
        # Open the HSL publisher only when something is going to be sent.
        set hsl [HSL::open -publisher /Common/hslsyslog]
        HSL::send $hsl "Client=[IP::client_addr] connection accepted."
        HSL::send $hsl "OKTA_USER Value=[HTTP::header value OKTA_USER]"
        # OKTA_USERNAME is not set by this iRule, so this logs whatever arrived.
        HSL::send $hsl "OKTA_USERNAME Value=[HTTP::header value OKTA_USERNAME]"
        HSL::send $hsl "OKTA_FIRSTNAME Value=[HTTP::header value OKTA_FIRSTNAME]"
        HSL::send $hsl "OKTA_LASTNAME Value=[HTTP::header value OKTA_LASTNAME]"
        HSL::send $hsl "OKTA_EMAIL Value=[HTTP::header value OKTA_EMAIL]"
        # static:: values are held per TMM, so this sample is sent once per TMM
        # after the rule loads, not once per connection.
        set static::first_http 0
    }
}