Keycloak as idp for APM
We do have it running here. But haven't found the time to do a full write-up on the basic setup via APM.. :(
Any specific questions you have regarding the APM integration?
OK, I tried to use the F5 as a resource server to validate a JWT token.
Did you manage to do it using the OAuth provider configuration with OpenID Connect discovery like https://keycloakhost:keycloakport/auth/realms/master/.well-known/openid-configuration ?
Because for me, the discovery works, but if I use the auto-JWT part, on save, the F5 tells me about a certificate issue (the CA bundle provided in the config is the one for the certificate of the OpenID discovery link, maybe not the same one used by the master realm to sign tokens or authorisation codes). So I created the JWKS part manually.
A request to the F5 APM VIP is correctly redirected to Keycloak for auth, but once authenticated, the F5 says that it cannot validate the token or auth code provided by Keycloak.
As the password grant type has been deprecated, did you manage to make it work using the authorisation code flow?
Also, I wonder if, for the scope validation step, you use the F5 type or have created a specific one for Keycloak?
Yes, if someone has time to do a detailed write-up on DevCentral on how to configure APM with OpenID as client and/or resource server for use with Keycloak or any on-premises custom provider, I think this will help a lot of people.
Thanks.
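
An added example, not part of the posts above and not F5 or Keycloak code: an offline check of whether a manually built JWKS and the discovery document's issuer match what a token actually carries (`kid`, `alg`, `iss`). The hostname, key ids, audience and token are constructed for illustration, and the signature itself is not verified.

```python
import base64
import json

def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_json(obj):
    """Encode a dict as a base64url JWT segment (used to build the sample token)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def diagnose(token, discovery, jwks):
    """List metadata mismatches that would stop a resource server validating token.
    Only header and claims are compared; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if claims.get("iss") != discovery.get("issuer"):
        problems.append("iss %r != discovery issuer %r" % (claims.get("iss"), discovery.get("issuer")))
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == header.get("kid")), None)
    if key is None:
        problems.append("no JWKS key with kid %r" % header.get("kid"))
    else:
        if key.get("use", "sig") != "sig":
            problems.append("key %r is not a signing key" % key.get("kid"))
        if key.get("alg", header.get("alg")) != header.get("alg"):
            problems.append("alg mismatch: token %r, key %r" % (header.get("alg"), key.get("alg")))
    return problems

# Constructed sample data (hypothetical host and key ids; RSA key material omitted).
ISSUER = "https://keycloak.example/auth/realms/master"
DISCOVERY = {"issuer": ISSUER, "jwks_uri": ISSUER + "/protocol/openid-connect/certs"}
TOKEN = ".".join([
    b64url_json({"alg": "RS256", "typ": "JWT", "kid": "realm-key-1"}),
    b64url_json({"iss": ISSUER, "aud": "apm-resource-server"}),
    "c2lnbmF0dXJl",  # placeholder signature segment, never checked
])
MANUAL_JWKS = {"keys": [{"kty": "RSA", "kid": "tls-cert-key", "use": "sig", "alg": "RS256"}]}
REALM_JWKS = {"keys": [{"kty": "RSA", "kid": "realm-key-1", "use": "sig", "alg": "RS256"}]}

if __name__ == "__main__":
    print(diagnose(TOKEN, DISCOVERY, MANUAL_JWKS))  # kid from the token is absent
    print(diagnose(TOKEN, DISCOVERY, REALM_JWKS))   # no mismatches
```

An empty result only means the metadata lines up; the resource server still has to verify the signature with the matching public key.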