Forum Discussion
F5 APM with OIDC Web Duo Prompt
- Mar 14, 2024
For those who may run into this in the future sometimes it can be difficult to distinguish a _ from a - in the article. Should you run into this check for
- client_id parameter with type client-id
- response_type parameter with type response-type
- grant_type parameter with type grant-type
- redirect_uri parameter with type redirect-uri
Hi,
We have configured F5 APM with Duo Universal prompt. When I try to access VDI, it gives login page and then redirects to api host but gets 404 error, Can anyone help me with this? I have been troubleshooting this but not getting anywhere.
Thanks in Advance!
As a 404 is not found I would check to make sure that you have correctly copied the API host name. This would be api-xxxxx.duosecurity.com in the URLs authentication and token URLs during the OAUTH provider configuration step. Make sure auto JWT is off.
Also check in the JSON web token creation step as that uses the API host name as well.
Finally double check that name in the irule. (around line 40)
I hope that gives you places to dig. Good luck.
- ThanuMay 15, 2024Nimbostratus
Thanks for the quick response!
I copied again and updated the api host api-xxxxx.duosecurity.com.
On the iRule also I did change to api-xxxxx.duosecurity.com. After changes, it redirects to Duo.com page appended with our CLIENT ID.
Suspecting API is found but client ID is hitting DUO page.
Do we need to change or check anything from Duo side?
Just another Question- While creating iRule event on VPE, ID should be iRule name, is it?
- VulcanaMay 15, 2024Altostratus
DUO side is fairly straight forward. I have the universal prompt enabled, I have also turned on username normalization but I don't think you are actually getting as far as the username.
The irule event id is JWT_CREATE
This matches this line in the irule
if { $irname eq "JWT_CREATE" } {
Which is around line 62
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com