Forum Discussion

Cirrus

Mar 09, 2022

Authorize request based on JWT group claims with API protection profile

Hello all! I´m trying to figure out a way to authorize requests that have been already authenticated by an Oauth scope step in the per-request policy. Conceptually it sounds quite simple: if a group...

application delivery

security

Ustrum

Cirrus

Jul 08, 2022

In case someone ends up in this thread, eventually got this sorted out with irules (what else?), based on the jwt parser from this post

Recent Discussions

self-directed requests fail because of no certificate
Dec 26, 2024
Maudigan
Decode ObjectSID from Base64-encode string
Dec 26, 2024
Sefi_Miz
iRule - Url rewrite and header replace and pool selection not working
Dec 26, 2024
rct101
ip x-forwarding
Dec 26, 2024
Abdou76
F5 ASM API-Protection Policy
Dec 26, 2024
Alex-Alderson

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Authorize request based on JWT group claims with API protection profile

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Managing NGINX App Protect WAF for Beginners

OWASP Tactical Access Defense Series: Broken Object Property Level Authorization and BIG-IP APM

iRule - Authorization Bearer / Basic

Protecting gRPC based APIs with NGINX App Protect

Mitigating OWASP API Security Top 10 risks using F5 NGINX App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS