Hello,
I would like to know if it's possible to update a SAML attribute on an existing session when the F5 is used as IdP.
Here is the scenario:
1 - User ask to login in SP-A.
2 -...
I can already update the session variable via an iRule, that's no the problem.
The thing is that the saml attribute is somehow fixed the first time it is set (even if it's configured to use the session variable).
Here is an extract of my irule:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/saml/idp/profile/redirectorpost/sso" }{
if { [HTTP::cookie exists MRHSession] and [ACCESS::session exists -state_allow [HTTP::cookie value MRHSession]] } {
set oauthResp [call oauthCall]
ACCESS::session data set session.oauth.access_token [call key2value $oauthResp access_token]
}
}
}
But the F5 is using the same attribute values it got the first time, the variable update is no taken into account