Forum Discussion

lashleya's avatar
lashleya
Icon for Altostratus rankAltostratus
Feb 18, 2021

iRule to remove HTTP Headers like SamAccountName

We are using the following iRule to include SamAccountName header:

 

when ACCESS_ACL_ALLOWED {

#Add Username as a Session Variable to be called below

if { [ACCESS::session data get session.saml.last.result] == 1 } {

set name [ACCESS::session data get "session.saml.last.attr.name.SamAccountName"]

HTTP::header insert SamAccountName "$name"

HTTP::header insert WL-Proxy-Client-IP [IP::client_addr]

}

 

Application owners have discovered the SamAccountName can be modified in the header and the user logging in will be different.

 

We are looking for a solution to write an iRule that would strip out the initial SamAccountName header information and replace it.

  • that would be HTTP::header replace or first HTTP::header delete and then HTTP::insert to make sure you don't have double ones.