For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Khalid_A's avatar
Khalid_A
Icon for Nimbostratus rankNimbostratus
Mar 05, 2018

Creating JWS session tables

Hi,   We're implementing API authentication/authorization based on JWT. The API and authorization server are all behind F5. We've been asked just to store the JWS sent back from the authorization ...
application delivery
BIG-IP Access Policy Manager (APM)
LTM
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 05, 2018

So client authenticates, token generated by server would be stored on BIG-IP, and a new one generated by BIG-IP and sent to client, with a mapping of clientside/servside tokens managed on BIG-IP?

 

Does the client need to do anything with this token other than use it for further inbound communications? Are all those communications coming back to same BIG-IP? Does this data need to persist a failover? A reboot?