APM: OAUTH2 JWT Token with groups claim

Hello and happy new year 😉

We use APM as OAuth Authorization Server to create JWT token for apps. One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs some specific claims: https://github.com/eclipse/microprofile-jwt-auth/blob/master/spec/src/main/asciidoc/interoperability.asciidoc

One requirement is to encode the groups claim in JSON array:

 "groups": ["red-group", "green-group", "admin-group", "admin"]

We now try to set the claim with groups from the Active Directory. With an iRule, I filtered the AD groups (from memberOf) and set a new APM variable (session.custom.groups) with this value:

["red-group", "green-group", "admin-group", "admin"]

When I now add a claim groups with %{session.custom.groups} as value, I see that string in my JWT token:

"groups": "[\"red-group\", \"green-group\", \"admin-group\", \"admin\"]"

So the value is escaped and has is in quotation marks.

Is there any chance to send claims as JSON array?

Any help would be appreciated.

Forum Discussion

APM: OAUTH2 JWT Token with groups claim

25 Replies

AppWorld Berlin 2026 – iRules Contest Winning Results

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

IPv8 Would Fix My Routing Tables. It Will Never Ship.

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

F5 ASM/AWAF – violations logged but no learning suggestions generated

F5 VELOS Backplane Inter-Tenants Communication

migrate from serie I to R. Cluster LTM-GTM

Best Practice guide for enabling Attack signature In BIG-IP ASM

Related Content

AI Token Limit Enforcement

iControl REST Authentication Token Management

JSON Web Token (JWT) Parser

Demystifying iControl REST Part 6: Token-Based Authentication

Google Authenticator Soft Token Generator