AlexS_yb
Aug 23, 2023

401 being sent by pool member is affecting F5 APM SSO config



So let's say

http://test/sso/protected/changeUser => pool backendA

http://test/sso/protected/test => pool backendA - it just dumps all the headers and cookie sent on the request

is protected by OAuth in APM

and that I have SSO set up so that a JWT is sent to the back end (pool).

If I open a browser and go to http://test/sso/protected/test, I am sent to the OAuth server to get an OAuth token,

then my request gets sent to pool backendA and it sends an HTML page with all of my info - works.

If I go to http://test/sso/protected/changeUser and it just sends a 401, I get this in the browser okay. Then I go back to

http://test/sso/protected/test - I get not authorised.

How can I get APM or F5 to not interpret the 401 being sent by the backend pool?



2 Replies

  • Look at your SSO config - it should be set up as OAuth Bearer. You can either send all the time, or based on a 401 response, and you can send a passthrough from the OAuth IdP, or create a new JWT.

    I'd be inclined to set it to create a new JWT and see whether it sends the JWT based on server response. If so, there is probably an issue with the OAuth IdP JWT (i.e. maybe it is opaque rather than JWT), so do some logging around this and dig into it.

    • AlexS_yb

      Sorry, I wasn't clear. I send the JWT on every request - one of the requests failed some logic in the code on the back end and the return was a 401. At that point APM invalidated the SSO session and blanked out the JWT, and all further requests failed as not authorised.

      I don't want the F5 to act on the 401 sent by the back end server.
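
For the logging suggested in the first reply, this added example (not from the thread or from F5) classifies the `Authorization` value that a header-dump page such as /sso/protected/test shows: a structurally valid JWT, an opaque token, or a blanked header. The function names and sample tokens are constructed, and it assumes the SSO config sends the token as `Authorization: Bearer <token>`.

```python
import base64
import binascii
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, or return None."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw)
    except (binascii.Error, ValueError):
        return None
    return obj if isinstance(obj, dict) else None


def classify_bearer(authorization):
    """Return (kind, detail); kind is missing, not-bearer, opaque or jwt.

    Structure check only: the signature is NOT verified here.
    """
    if not authorization or not authorization.strip():
        return ("missing", None)  # header absent or blanked out
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return ("not-bearer", scheme)
    parts = token.split(".")
    if len(parts) != 3:
        return ("opaque", None)  # a JWS compact token has three segments
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or claims is None or "alg" not in header:
        return ("opaque", None)
    return ("jwt", {"alg": header["alg"], "claims": sorted(claims)})


def _seg(obj):
    data = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample values, not captured from a real APM deployment.
SAMPLE_JWT = ".".join(
    [_seg({"alg": "RS256", "typ": "JWT"}), _seg({"sub": "user1", "exp": 1700000000}), "c2ln"]
)
SAMPLES = ["Bearer " + SAMPLE_JWT, "Bearer 8f2c1d0a9b7e4f63", ""]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value[:24]), "->", classify_bearer(value))
```

Comparing the result for a request made before the backend's 401 with one made after it shows whether the header went from `jwt` to `missing`.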