Forum Discussion
EntraID + F5 as Oauth client/resource server not sending ID Token to app
APM will fetch the access token and ID token on the back channel from the IdP; this means that they do not exist as an HTTP header in the user request.
If you see the access token on the web app, I assume it's because you have configured OAuth bearer SSO between F5 and the web app.
This means that F5 will inject the access token when forwarding the user request to the pool member. Of course, the web app needs to have a way to validate the token.
Not sure what you mean by adding {clientid}/.default to the "scope" options.
As for the ID token, it is consumed by the APM itself. If you want to forward it to the pool member, you should inject it manually, maybe with an iRule. But again, the web app should be able to validate it.