Forum Discussion

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP

Hi  ,

 

did you get any further with this? I managed to get it going following strictly https://support.f5.com/csp/article/K14391041.

I will adjust my setup throughout the weekend to add the configuration required for JWT and will test further.

Any results from taking a tcpdump or maybe you can change the Log profile to debug level for OAuth?

 

KR

Daniel

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Apr 04, 2021

Just to clarify that I am not missing something important - you want to achieve the following:

 

Client goes to https://app.example.com (Resource Server).

Is redirected to https://auth.example.com (Authentication Server), client authenticates with <whatever>, receives token.

Is redirected back to https://app.example.com and authenticates there once with the token received from the Authentication Server.

The client then receives the APM cookies and no further token is required.

 

Is that correct? Because I got this working with your settings from above.

Only thing I have different is the cookie settings and some minor stuff like username instead of mail.

 

Anything obvious that might be off in your config? Like mixing http and https or IP and FQDN, or something off with your DNS config in apm-dns-resolver?

 

  • julienb's avatar
    julienb
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2021

    Hello,

     

    Sorry for the late reply, I was busy with other projects.

     

    The process (for the moment) is :

    • The user goes to apptest.example.com (RS)
    • He is redirect to appauth.example.com (AS)
      • The client authenticates
    • Then he is redirect to webapp.example.com (the website) with a token
    • And yes he gets an APM cookie

     

    The client is redirected to the IP of the website (webapp.example.com = 10.0.0.4) instead of a FQDN, but everything use HTTPS.

     

    Thank you for your time.

     

    Best regards.