Forum Discussion
Oauth scope custom authorization header
Hello,
The "Oauth scope" agent expects to find and validate the bearer token in the request header variable called "Authorization", which is according to standard. My question is, is it possible to "instruct" the Oauth scope agent to read the bearer token from another header, that is a custom header, e.g. "CustomAuthroization"? For example, by using an iRule to read the custom header and place it in the variable Oauth scope expect to find it, or perhaps changing the value of "perflow.oauth.scope.auth_hdr_name"?
We planing to make some test, but it would be nice to know is this is just "impossible" or if there is hope to make this work.
Thanks in advance.
4 Replies
newbie Sadly you cannot create a user on the BIG-IQ and push it to the devices it manages. The only user modifications that you are capable of doing from the BIG-IQ to the BIG-IP is changing the default admin and root users password. You might be able to create a script that uses REST API and you feed it a list of devices to connect to and make the change. The following link has the command to create a new user on the BIG-IP using REST API under the section "Creating a new BIG-IP system user account" about halfway down the page.
Nikoolayy1 Nice to see that this is hidden as much as possible. Also nice to see that it is the exact same thing that I recommended but in an existing script on the BIG-IQ. About the only thing I don't like about this script is that it has the credentials listed in the file at the top in clear text. I'm sure if I spend enough time I might be able to figure out how to reference a credentials file and run it from a management station instead. Did I mention that I dislike the BIG-IQ?
BIG-IQ gets this bad reputation because of the strange design choices that the developers had compared to BIG-IP 🙂
Still also the bash script curl command can use a token not the username and password as first the token is generated and saved to a file on the big-ip by the script then it can be referenced.
Outside of that the scrript can just trigger tmsh commands like "tmsh <the command >" and as the create user tmsh command I think was interactive there is workaround described in https://community.f5.com/t5/codeshare/ansible-running-bash-commands-with-bigip-command-module-how-it-s/ta-p/311593
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com