Forum Discussion
BIG-IP Oauth Client and AS
Dear Community
After days of troubleshooting I'm out of luck with my configuration.
I've followed the following guides and documentation to configure two virtual servers with APM (Client/RS and AS) on the same BIG-IP.
https://my.f5.com/manage/s/article/K14391041
Implementing basic OAuth with F5 BIG-IP APM
After failing with the manual configuration I've also implemented the same basic concept with the two Guided Configurations "OAuth Authorization Server" and "F5 as OAuth Client and Resource Server".
Both virtual servers have different publicly resolvable hostnames.
My issue exists during the following test:
- Accessing the first VS with APM Policy OAuth Client
- Gets redirected to the second VS (OAuth AS)
- Login with AD credentials (successful)
- Website is stuck after the client does a GET to https://hostname2.domain.ch/oauth/client/redirect?code=xxx123&state=yyy
- APM in debug logs the following errors: 'Invalid json' and 'Failed to perform curl: Failure when receiving data from the peer'
I can see a "Requesting new token for server" and also issued auth codes, but I have never seen issued access tokens.
My test was done from a browser and also from Postman (same as in the guide).
Do you have any hints where my problem could be or if there is a known issue with version 17.1.2.1?
I appreciate everyone's help!
2 Replies
- rmNschguet
Nimbostratus
I was able to resolve the issue. Everything worked as expected on the BIG-IP side. As you mentioned, the BIG-IP was not able to get a token from itself (AS on the same BIG-IP); the token request goes out after DNS resolves to a public IP. The issue was located in our firewall construct, as I had to build a policy from internal to access the public IP, which was also provided by the same firewall.
- Injeyan_Kostas
Cirrostratus
It sounds like the Client Policy cannot contact the Authorization Server Policy in order to exchange the received auth code for an access token.
Have you done a tcpdump to check for network connectivity issues?
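Added example, not part of either reply or of F5's documentation: a Python check for the back-channel path both replies point to, run from a host that shares the OAuth client's DNS view and network path. It reports where the code-for-token exchange breaks (DNS, TCP reachability of the resolved address, HTTP, or a non-JSON reply). The function name is hypothetical and the token endpoint URL is an assumption, to be replaced with the one configured on your AS.

```python
import http.client
import json
import socket
import urllib.error
import urllib.parse
import urllib.request


def probe_token_endpoint(token_url, timeout=5.0):
    """Classify the back-channel path from the OAuth client to the AS token endpoint.

    Returns (stage, detail). stage is dns_failure, tcp_unreachable, http_failure,
    invalid_json or token_endpoint_reachable.
    """
    parts = urllib.parse.urlsplit(token_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)

    # 1. Which address does this host resolve the AS hostname to?
    try:
        info = socket.getaddrinfo(parts.hostname, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    addr = info[0][4][0]

    # 2. Is that address reachable from here? A blocked hairpin path fails at this step.
    try:
        socket.create_connection((addr, port), timeout=timeout).close()
    except OSError as exc:
        return "tcp_unreachable", f"{addr}:{port} {exc}"

    # 3. Send a code exchange with a constructed, invalid code; only the reply's shape matters.
    form = urllib.parse.urlencode(
        {"grant_type": "authorization_code", "code": "constructed-invalid-code"}
    ).encode()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(urllib.request.Request(token_url, data=form), timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as exc:
        body = exc.read()  # an OAuth error reply (e.g. HTTP 400) still carries JSON
    except (urllib.error.URLError, OSError, http.client.HTTPException) as exc:
        return "http_failure", str(exc)

    # 4. A token endpoint answers in JSON; a block page or truncated reply does not.
    try:
        json.loads(body)
    except ValueError:
        return "invalid_json", body[:80].decode("latin-1")
    return "token_endpoint_reachable", addr
```

A `tcp_unreachable` result for the public address, while browsers outside reach the same hostname, matches the firewall situation described in the first reply.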