BIG-IP 13.1.0.x

-Import workspace

-Create plugin (samlreplay_plugin)

-Attach TCL iRule to VS

-APM integration hasnt been completed yet.

-Datagroup creation for config items, details in TCL irule.

-APM Integration: ACCESS_ACL_ALLOWED {} // if MRHSession then ACCESS::session data set session.samlreplay.attributes.*

SP-Initiated: Will currently generate AuthNRequest on GET / if no MRHSession.

HTTP-REDIRECT -- Binding currently seems good. SigAlg and RelayState querystrings ignored, extract whats needed directly from assertion. SAMLResponse is pulled in and the signature is verified against a known public key for the issuer. Then forwarded on to the application.

HTTP-POST -- May need to adjust camel case of SAMLReplay form-data, string tolower was causing me some greif, ill look into that eventually. SAMLResponse is pulled in and the signature is verified against a known public key for the issuer. Then forwarded on to the application. Application Cookie is a configuration item in the datagroup as well, this tells the system which cookie to look for to ignore verification on follow-on requests.

APM MRH Session cookies can be used for this as well.