Forum Discussion

Nimbostratus

Jan 04, 2019

APM: OAUTH2 JWT Token with groups claim

Hello and happy new year 😉 We use APM as OAuth Authorization Server to create JWT token for apps. One of our customers wants to use the MicroProfile JWT(MP-JWT) for his application, that needs som...

BIG-IP Access Policy Manager (APM)

Cirrocumulus

Hi Daniel, I am looking for something similar as well that F5 should provide JWT wherin we have the claims (attributes) values. I ma new to this but I used the guided config and setup F5 as the authorization server, with Postman I can succesfully retrieve the access token and refresh token. I configured the claims in the application on the F5.

How do I actually retreive those values from F5, do I have to provide the access token to F5 as authorization header to be able to retreive this information or should it already be included shile receiving the access token? How to verify this with Postman (I am lacking oauth test APP). Could you eleborate on this and what about this RFE is this fixed now? Thanks a lot

Daniel_W_

Cirrus

Apr 08, 2020

Hi Marvin,

you can retrieve the claims in the JWT access token.

You need to add token_content_type=jwt to the request and enable JWT in OAUTH profile and Client ID

Example:

https://sso.test.com/f5-oauth2/v1/authorize?redirect_uri=https://localhost&response_type=code&client_id=xyz&token_content_type=jwt

Marvin
Cirrocumulus
Apr 08, 2020
Hi Daniel, ok thanks that makes sense so you just use GET method not POST? I just tested and F5 replies to the redirect URL with the Access token appended but I dont see any claims info. Inside the oauth profile and client application JWT checkbox is enabled, any thoughts left?
Marvin
Cirrocumulus
Apr 08, 2020
In de access profile logs I see that session.assigned.oauth.authz.token.claim are being set with correct values so information is being collected
Marvin
Cirrocumulus
Apr 08, 2020
Also see .session.oauth.authz.jwt_token being set
Marvin
Cirrocumulus
Apr 08, 2020
I confirm that when using token_content_type=jwt the claim variables are being set with right values except for the fact that its not responding with the JWT and claims information. The only thing is that its being redirected with parameter ?code=xxxxxxx
Marvin
Cirrocumulus
Apr 08, 2020
I use version 13.1.3

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM: OAUTH2 JWT Token with groups claim

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

iControl REST Authentication Token Management

APM - translating group SIDs extracted from Kerberos token

set TOKEN [getfield [HTTP::uri]

Certified Kubernetes Administrator - Study Group

APM/OAuth2 : auto apply changes made by discovery

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS