Forum Discussion
Bump! Same question on my side, this is actually a mandatory feature.
Any possibility to do json arrays / lists in a claim?
Thanks!
- Daniel_W_ | Jan 24, 2019 | Cirrus
Okay, I now opened a support ticket and let you know about the result.
- Peter_Jacob_Sl1 | Jan 16, 2020 | Nimbostratus
Hej Daniel,
I have a similar problem.
Did you get information as a result of your ticket that you can share?
Regards,
Peter
- Daniel_W_ | Jan 16, 2020 | Cirrus
I got this RFE: "BZ724666 [RFE][OAuth AS] Support array of strings in scope value".
- Eric_Chen_12394 | Feb 22, 2019 | Historic F5 Account
I believe this is possible (at least on <= 14.1) if you use an iRule event. Something like:

    ...
    set mygroups [ ACCESS::session data get "session.mygroups" ]
    append payload {,"mygroups":} "\[$mygroups\]"
    ...

This is adapted from the example at: https://clouddocs.f5.com/api/irules/ACCESS__oauth.html

In my AP I have a variable assign with an expression of:

    return {"group1","group2"}
- Rene_C__129338 | Feb 22, 2019 | Nimbostratus
Hi,
Yes, this is the easy part; but as we are not using the iRule commands but the APM features directly to generate a JWT, I probably can't modify the resulting JWT inside an iRule event?
Cheers, Rene
- Eric_Chen | Feb 22, 2019 | Employee
In my case I had to remove the SSO Bearer Token config from the Access Policy and replace it with an iRule.
- Rene_C__129338 | Feb 22, 2019 | Nimbostratus
But that won't work when F5 is acting as Authorization server, since it will generate the JWT along with the refresh token through some black-box-magic. If there is any way to modify this generated JWT with an iRule, now this would make me quite happy, but I couldn't find any way to do this.
Also, just for reference, take care when using ACCESS::oauth sign, since it will generate the Token with Base64Uriencoding (without padding), which is different from the actual APM VE config, which will do base64encoding WITH padding for some obscure reason.
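
The encoding difference described in the post above, as an added example that is not part of the original thread and is not F5 code: this Python sketch builds the same HS256 token once with unpadded base64url segments and once with padded standard base64, then shows that a strict RFC 7515 segment check rejects the padded form while a tolerant decoder still recovers the array claim. The key, the claims and every function name are constructed for illustration.

```python
import base64, hashlib, hmac, json, re

B64URL_RE = re.compile(r"^[A-Za-z0-9_-]*$")

def b64url_nopad(raw: bytes) -> str:
    """RFC 7515 form: URL-safe alphabet, trailing '=' stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64_padded(raw: bytes) -> str:
    """Standard base64 with '=' padding (the variant the post reports)."""
    return base64.b64encode(raw).decode()

def is_rfc7515_segment(seg: str) -> bool:
    """Strict check: no '=', '+' or '/', and a length base64 can produce."""
    return bool(B64URL_RE.match(seg)) and len(seg) % 4 != 1

def decode_segment(seg: str) -> bytes:
    """Tolerant decode: accepts either alphabet, with or without padding."""
    s = seg.rstrip("=").replace("+", "-").replace("/", "_")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict, key: bytes, enc) -> str:
    """Build header.payload.signature using the given segment encoder."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [enc(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [enc(sig)])

def inspect(token: str, key: bytes) -> dict:
    """Report whether a token passes the strict check and still verifies."""
    h, p, s = token.split(".")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return {
        "strict_ok": all(is_rfc7515_segment(x) for x in (h, p, s)),
        "sig_ok": hmac.compare_digest(expected, decode_segment(s)),
        "claims": json.loads(decode_segment(p)),
    }

# Constructed sample data: a demo key and a claim set with a JSON array.
KEY = b"constructed-demo-key"
CLAIMS = {"sub": "user1", "mygroups": ["group1", "group2"]}

if __name__ == "__main__":
    for name, enc in (("base64url, no padding", b64url_nopad),
                      ("base64, padded", b64_padded)):
        report = inspect(make_token(CLAIMS, KEY, enc), KEY)
        print(name, report["strict_ok"], report["sig_ok"], report["claims"])
```

A resource server that validates segments strictly will refuse the padded token even though its signature is valid, so it is worth checking which form each consumer accepts before switching between the two signing paths.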
- Eric_Chen | Feb 22, 2019 | Employee
Ah I see. Different use-case, same problem. I was seeing the same issue, but using APM for generating a Bearer token and not as the Authorization server, but the same issue occurs in both.