Forum Discussion
BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication
- Jan 08, 2024
Thanks for the extra detail.
I'd suppose that if your user session is authenticated with APM (the user is sending APM's MRHSession cookie so is associated with an APM session) and the app ID is recorded inside the session, and the user is accessing the backend through APM, all you'd have to do is grab this info and add a header during ACCES_ACL_ALLOWED. This event is fired during each network request from users, and can be used more or less like HTTP_REQUEST.
when ACCESS_ACL_ALLOWED {
set appid [ACCESS::session data get "session.oauth.authz.client_id"]
HTTP::header replace "X-PARTNER-ID" $appid
log "Inserted appid: $appid"
}
you can try to insert the application id as new header when f5 forward request to servers.
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-policies/introducing-local-traffic-policies.html#GUID-61565E50-4FF3-439C-BDEF-7AB2EA3D7830
https://clouddocs.f5.com/api/irules/HTTP__header.html
To add to this a little,
I think you'd need to hard-code the app-id and just put it into the iRule manually. The data-plane in APM has some limited read access to *some* APM resource information (this is the info stored inside the "policy snapshot") using "ACCESS::session data get config <fully-qualified config object name>", but I'm almost certain that APM doesn't store information about app-ids in the snapshot.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com