Forum Discussion

wilfordbrimley's avatar
wilfordbrimley
Icon for Nimbostratus rankNimbostratus
Jan 09, 2025

EntraID + F5 as Oauth client/resource server not sending ID Token to app

Hello,   Here is the basic setup.  F5 is configured to use EntraID and is set up as the client+resource server. When a user logs into the web app via EntraID they are able to login just fine. Ho...
entraid
help
oauth
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jan 22, 2025

So you have also configured oauth bearer sso between F5 and web app?
As for ID token you should get if OpenId connect option is enabled on oauth client config.

 

Is AMP able to validate the access token at least?

 

 

  • wilfordbrimley's avatar
    wilfordbrimley
    Icon for Nimbostratus rankNimbostratus
    Jan 22, 2025

    APM seems to have no issues, but when I do a packet cap between the F5 and the pool members, I only see the access token in the header and no id token. We have worked around the issue by adding {clientid}/.default to the "scope" options in APM. Once we did this the web app had no issues validating the token. still curious why the F5 is only sending over the access token though.