Forum Discussion
F5 both as oauth provider and F5 resource server JWT introspect issue (JWK)
- Jun 30, 2020
Hi!
Had you any luck? I'm running against the same issue on my lab environment. Perhaps I'll upgrade it to 15.1, according to https://cdn.f5.com/product/bugtracker/ID759307.html
- Marvin, Jun 30, 2020 (Cirrocumulus)
Hi, actually I had indeed, and easily fixed it with version 13.1, no need to upgrade. I suppose you use F5 both as the OAuth provider and also as the OAuth resource server / API gateway? The problem has to do with the keys automatically retrieved from the F5 OAuth provider. You shouldn't use that link but manually configure it. Basically, sharing the same keys on both OAuth provider and OAuth resource server fixed it for me.
Another improvement is to use internal validation instead of external (both work), but it will be faster validating internally on the F5; you can change that in VPE scope settings by changing to internal.
I can for sure share with you more details if this is not enough for you.
- teoiovine, Jun 30, 2020 (Cirrus)
You mean, I should manually create the key configuration in both devices to be the same?
- Marvin, Jun 30, 2020 (Cirrocumulus)
If you already have set up the OAuth provider on the F5, then you should already have the JWT key configuration also. When you then configure the F5 as the OAuth resource server in the menu:
Access ›› Federation : OAuth Client / Resource Server : Provider ›› F5-oauth-server
So when you add the F5 OAuth provider (link between F5 OAuth resource server and F5 OAuth provider), you should NOT select "Use auto JWT", as this will add new keys in the configuration. You just need to select the Token configuration select box as the reference to the already available keys.
Access ›› Federation : JSON Web Token : Token Configuration
Inside this profile you select the allowed keys to use.
The actual keys you can find here:
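
Added example, not part of the thread and not F5 code: a minimal Python model of internal JWT validation on a resource server, showing why a token signed with the provider's key fails when the resource server's allowed keys are a separately created set. It assumes HS256 with octet JWKs; all key names, secrets and claims are constructed.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, jwk: dict) -> str:
    """Provider side: sign with one octet key (HS256) and stamp its kid."""
    header = {"alg": "HS256", "typ": "JWT", "kid": jwk["kid"]}
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    mac = hmac.new(b64u_dec(jwk["k"]), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def validate_jwt(token: str, allowed_keys: list) -> tuple:
    """Resource server side: check the signature against its allowed keys only.
    Claim checks (exp, aud, scope) are out of scope for this key-matching demo."""
    try:
        h, p, s = token.split(".")
        header, sig = json.loads(b64u_dec(h)), b64u_dec(s)
        if not isinstance(header, dict):
            raise ValueError("header is not a JSON object")
    except (ValueError, TypeError):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # never trust an alg the server did not configure
        return False, "unexpected alg"
    key = next((k for k in allowed_keys if k["kid"] == header.get("kid")), None)
    if key is None:
        return False, "kid not in allowed keys"
    expected = hmac.new(b64u_dec(key["k"]), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch"
    return True, json.loads(b64u_dec(p))

# Constructed keys: the provider's existing key, and a separately generated one
# standing in for what an automatic key setup would add (assumption).
PROVIDER_KEY = {"kty": "oct", "kid": "provider-key-1", "k": b64u(b"constructed-shared-secret-0001")}
AUTO_KEY = {"kty": "oct", "kid": "auto-jwt-key", "k": b64u(b"constructed-unrelated-secret-02")}
SAME_KID_WRONG_SECRET = {**PROVIDER_KEY, "k": AUTO_KEY["k"]}
TOKEN = sign_jwt({"sub": "lab-user", "scope": "api.read"}, PROVIDER_KEY)

def demo() -> dict:
    return {"shared": validate_jwt(TOKEN, [PROVIDER_KEY]),
            "auto": validate_jwt(TOKEN, [AUTO_KEY]),
            "wrong_secret": validate_jwt(TOKEN, [SAME_KID_WRONG_SECRET])}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```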