Forum Discussion

awan_m's avatar
awan_m
Icon for Cirrostratus rankCirrostratus
Mar 22, 2023

F5 oAuth Federation with client assertion type = jwt-bearer

Hi - 

i am trying to setup user authentication with oAuth and F5 is the Client + Resour provider - that needs to authenticate the user - 

Question - the options available are to send clientid and secret to get information 

is it possible to use 

client_assertion_typeurn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertionA JWT that the client has signed

thanks

4 Replies

  • Hi,

    If I understand correctly, APM is set as Client and RS. It means APM will redirect the user to your AS in order to authenticate and get a token (Client role). Which grant is set in your AS ? Authorization code grant ?

    Then APM will validate the JWT token (RS role).

    By default, APM uses JWT-BEARER as insertion type, and JWT signed (not encrypted by default)

    • awan_m's avatar
      awan_m
      Icon for Cirrostratus rankCirrostratus

      Thanks for the response 

      for openidconnect - i have setup flow type as Hybrid - and Hybrid response type as code-idtoken-token

      my identity provider is forgerock asn the attached image shows teh flow

  • Hi awan_m - have you been able to figure this one out yet? I see nobody in the community had an answer, so I'm trying to find a colleague who can help. Hopefully someone can reply in the mean time!

    • awan_m's avatar
      awan_m
      Icon for Cirrostratus rankCirrostratus

      Thanks for following it up - No i have not succeeded in implementing this solution 

      i need to generate a JWT and send it to my IDP - thats where i am failing