Configure APM for OAuth 2.0 and Active Directory authentication

Question

Hi,
I would like to configure APM to play the role of an authorization server using OAuth 2.0 and OpenID Connect protocols.  I would also like the authentication to be made using Active Directory, inside our corporate network.  Since APM allows to authenticate with AzureAD, I assume this is possible but how?&nbsp;
Thank you&nbsp;

thi · Answer

APM can be OAuth 2.0 authorization server at least since sw version 13. OpenId Connect Client and Resource server roles were supported in sw 13.1. I have used the functionality a couple of times with AD and also chaining to SAML federation. &nbsp;
OpenID Connect authorization server  (OIDC Provider) support came with the recent sw version 14.0, which I haven't had time to look at yet.  
&nbsp;
There is documentation in AskF5, but I'm still trying to find it for the OIDC Provider (authorization server) part, though. One has to have understanding of how OAuth 2.0/OIDC flows work as the documentation is note very clear for a beginner. There are quite a few things to configure and a lot of new terminology. I learned it more or less by trial and error, and reading OIDC tutorials, so a lab to test helps.&nbsp;
See (v14 documentation):&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-authentication-and-single-sign-on-14-0-0/38.htmlguid-be8761c9-5e2f-4ad8-b829-871c7feb2a20&nbsp;

Forum Discussion

Configure APM for OAuth 2.0 and Active Directory authentication

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

Azure Active Directory and BIG-IP APM Integration

Configuring Smart Card Authentication to BIG-IP Management Interface

Doing mTLS Authentication per URL

iControl REST Authentication Token Management

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS