APM Oauth clintless mode

Question

Hi,
We currently have the following setup:
client( not a web browser) sends a post request to an internal oauth server with the following parameters:
username: some_user
password: some_pass
scope: some_scope
grant_type: some_grant

if the client passes the authentication he receives a bearer access token which is inserted to the header on the response.
Then he can access and use the rest api.
We want to integrate F5 into the current scenario so it will act as a client/resource provider( I hope those are the right terms) and then will check the validity of the access token.
I'm pretty new to all of the terms and the process of getting an access token, I have read couple of posts on devcentral, guides on f5 clouddocs and on ask f5 and started to play around with it.
Those are the resources I've used so far:
https://devcentral.f5.com/questions/apm-authentication-for-a-sessionless-and-clientless-api-62162
https://clouddocs.f5.com/training/community/iam/html/class2/module1/module1.html
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-single-sign-on-concepts-configuration-14-1-0/04.html
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-authentication-and-single-sign-on-14-0-0/38.html
I have a very general idea how its supposed to work:
Client sends a POST request to a VS with apm.An irule will check the request and insert clientless mode.somehow I need to parse the POST parameters and assign them to the appropriate APM variables.There must be a provider configuration and a request configuration ( with the appropriate variables which were parsed ).F5 requests an access token from the oauth server and if successful then on the response it inserts a bearer header with the received access token.The client sends requests to the api which is configured behind a different VS with a per request AP which will verify his bearer token and the scope with the Oauth server.
I would like to know if that's something possible to achieve and where and how to start.
Thanks,
Alex

nicolas_destor · Answer

Hi,&nbsp;
Your current OAuth Server have to become an Authorization Server to perform the authentication for you new F5 OAuth ressource.&nbsp;
There is a useful lab here that describe how to configure an Oauth Provider (AS) and an Oauth Ressource Server in F5: &nbsp;
https://clouddocs.f5.com/training/community/iam/html/class2/module2/module2.html&nbsp;

Forum Discussion

APM Oauth clintless mode

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Basic OAuth concept and OAuth with F5 solutions

Implementing basic OAuth with F5 BIG-IP APM

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

Monitoring Failure OAuth request

OAuth and OpenID Connect - Made easy with Access Guided Configurations templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS