Forum Discussion
Daniel_W__13795
Jan 04, 2019 · Nimbostratus
APM: OAUTH2 JWT Token with groups claim
Hello and happy new year 😉
We use APM as OAuth Authorization Server to create JWT token for apps.
One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs som...
Evgeny_Udaltsov
Jul 25, 2023 · Nimbostratus
Create claim `groups` with value, set type `custom`:
`[%{session.user.custom.memberOf}]`
Create iRule and assign it to the VS with your Access Policy:
```tcl
# memberOf string example: "| CN=RedGroup_Name,OU=_Groups,DC=example,DC=com | CN=GreenGroup_Name,OU=_Groups,DC=example,DC=com | ..."
when ACCESS_POLICY_AGENT_EVENT {
    if {[ACCESS::policy agent_id] eq "memberOfCustomization"} {
        set result {}
        set pattern "Any Group's Filter Pattern"
        # Get all of the user's groups from the session variable (string)
        set memberOf [ACCESS::session data get "session.ldap.last.attr.memberOf"]
        # Get the list of "CN=<name>" strings
        set groups [regexp -all -inline {CN=.*?(?=,)} $memberOf]
        foreach elem $groups {
            # Keep only the groups that contain the pattern
            if {[string first $pattern $elem] != -1} {
                # Strip 'CN=' and add the quoted group name to the 'result' list
                lappend result "\"[regsub "CN=" $elem ""]\""
            }
        }
        # Join with commas so the array built by the claim has no trailing comma
        ACCESS::session data set session.user.custom.memberOf [join $result ","]
    }
}
```
Inside your Access Policy add `iRule Event` block with `memberOfCustomization` EventID before your `OAuth Authorization` block.
APM ver 16.1.0
Hope it will be helpful 🙂
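The group-list transformation from the answer above, as an added example that is not part of the original post: a plain Tcl proc (runnable in `tclsh`) that takes only the leading `CN` of each DN and JSON-escapes quotes and backslashes, so a group name cannot break out of the string it is placed in. The proc name `groups_claim_body` and the sample `memberOf` string are hypothetical and constructed for illustration.

```tcl
# Added example (not the poster's code). Hypothetical helper that returns the
# body of a JSON array for the custom claim [%{session.user.custom.memberOf}].
proc groups_claim_body {memberOf pattern} {
    set items {}
    # Assumption: DNs are separated by "|" as in the memberOf example above.
    foreach dn [split $memberOf |] {
        set dn [string trim $dn]
        # Take only the leading RDN, so "CN=Users" containers deeper in the
        # DN are not mistaken for group names. "\," inside the CN is allowed.
        if {![regexp {^CN=((?:\\.|[^,\\])*)} $dn -> name]} {
            continue
        }
        # Undo simple DN escapes such as "\," (hex escapes are not decoded).
        regsub -all {\\(.)} $name {\1} name
        # Same substring filter as the iRule in the answer.
        if {[string first $pattern $name] == -1} {
            continue
        }
        # JSON-escape backslash and double quote before wrapping in quotes.
        set name [string map [list \\ \\\\ \" \\\"] $name]
        lappend items "\"$name\""
    }
    # No trailing comma; an empty list yields "" and therefore the claim [].
    return [join $items ,]
}

# Constructed sample input: one plain group, one with a quote and an escaped
# comma in its name, and one that the pattern filters out.
set sample {| CN=App_Red,OU=_Groups,DC=example,DC=com | CN=App_"Green"\, EU,OU=_Groups,DC=example,DC=com | CN=Other,CN=Users,DC=example,DC=com |}
puts "\[[groups_claim_body $sample "App_"]\]"
```

Inside an iRule the proc is invoked with `call`, and its return value is what gets stored in `session.user.custom.memberOf`.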