Forum Discussion
Nico_the_other
Altocumulus
AltocumulusBIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication
Hello @ all 🙂 I took over the management of a bigip (15.1.1) on which APM is configured, in particular to do OAUTH for partner applications. I'd like to know if it is possible to transmit used ap...
Thanks for the extra detail.
I'd suppose that if your user session is authenticated with APM (the user is sending APM's MRHSession cookie so is associated with an APM session) and the app ID is recorded inside the session, and the user is accessing the backend through APM, all you'd have to do is grab this info and add a header during ACCES_ACL_ALLOWED. This event is fired during each network request from users, and can be used more or less like HTTP_REQUEST.
when ACCESS_ACL_ALLOWED {
set appid [ACCESS::session data get "session.oauth.authz.client_id"]
HTTP::header replace "X-PARTNER-ID" $appid
log "Inserted appid: $appid"
}
Nico_the_otherAltocumulus
Altocumulushello Lucas_Thompson ,
Thank you for your answer 🙂
I'm sorry if I wasn't clear enough, but OAUTH is already setup on the F5, and it is already working. My question was about transmit "the application id" to the backend
I already successfuly grab the information with, and tried to add a header.
when HTTP_RESPONSE {
set appName [string trim [ACCESS::session data get "session.oauth.authz.client_app_name"] "/Common/"]
set appClientID [ ACCESS::session data get "session.oauth.authz.client_id"]
}
when ACCESS_POLICY_AGENT_EVENT {
if { ([info exists appClientID]) and ([string length ${appClientID}] > 0) } {
HTTP::header insert "X-PARTNER-ID" ${appClientID}
}
The idea is to transmit to backend the application id used to do usage billing