Authorize request based on JWT group claims with API protection profile
I'm trying to figure out a way to authorize requests that have already been authenticated by an OAuth scope step in the per-request policy. Conceptually it sounds quite simple: if a group is present in the JWT claims, the request should be authorized; otherwise it should be rejected.
I've found a lab explaining how to achieve the same on NGINX Plus, so I would think it should be possible with APM; nevertheless, I'm unable to find a way to access the JWT payload from APM.
A workaround would be to handle it with an iRule on LTM, converting the base64 content of the JWT, parsing it and checking the content, but I'd be surprised if it doesn't come out of the box with APM.
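Added example, not part of the original post and not F5 or APM code: the decode-parse-check logic the workaround describes, written in Python so the claim handling is easy to follow. The claim name `groups`, the group names and the helper `make_token` are assumptions made for illustration, and the token's signature is taken to have been validated already by the OAuth scope step.

```python
import base64
import binascii
import json


def jwt_claims(token):
    """Return the payload claims of a compact JWT, or None if malformed.

    No signature check happens here: this assumes the token was already
    validated upstream (the OAuth scope step in the question).
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1]
    # JWTs use unpadded base64url; restore the padding before decoding.
    payload += "=" * (-len(payload) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError):
        return None
    return claims if isinstance(claims, dict) else None


def is_authorized(token, required_group, claim="groups"):
    """Allow only if required_group is in the group claim; deny otherwise."""
    claims = jwt_claims(token)
    if claims is None:
        return False
    groups = claims.get(claim)  # "groups" is an assumed claim name
    if isinstance(groups, str):
        groups = [groups]  # tolerate a single group given as a plain string
    if not isinstance(groups, list):
        return False
    return required_group in groups  # exact match, never a substring test


def make_token(claims):
    """Build a constructed sample token (dummy signature) for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    sample = make_token({"sub": "alice", "groups": ["api-users", "ops"]})
    print(is_authorized(sample, "api-users"))  # True
    print(is_authorized(sample, "admins"))     # False
```

Every failure path (wrong segment count, bad base64, non-JSON payload, missing or oddly typed claim) ends in a deny, so a malformed token can never fall through to an allow.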