Forum Discussion
NimbostratusOpenID Connect as Client and Resource server
MVPMaybe you need to focus on why the client does not send the cookie ? Is it a normal web user with a browser in normal not incognito mode ?
The issue you describe sounds not apm one as it is described in the clientles mode article that you can try using:
https://my.f5.com/manage/s/article/K000137617
Also if this is API traffic see
https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-api-protection.html as the API protection mode is newer way than clientles mode.
Other than that 21.1 ads DCR but maybe in your case it will not help as this is dynamic client registration:
Blobbs_001Here are my logs ..
Yes I am testing in Chrome via incognito
Jun 3 09:10:35 SDCZ-F5BR-01.dummy.local notice tmm1[22726]: 01490506:5: /Common/Oauth_Logon:Common:a696b8bb: Received User-Agent header: Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x 64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F146.0.0.0%20Safari%2F537.36.
Jun 3 09:10:35 SDCZ-F5BR-01.dummy.local notice tmm1[22726]: 01490500:5: /Common/Oauth_Logon:Common:a696b8bb: New session from client IP 10.0.0.1 (ST=/CC=/C=) at VIP 192.168.1.11 Listener / Common/auth.user.domain.com-internal (Reputation=Unknown)
Jun 3 09:10:35 SDCZ-F5BR-01.dummy.local notice tmm1[22726]: 01490584:5: /Common/Oauth_Logon:Common:a696b8bb: APM Session for OAuth Authorization request, OAuth ID (ce710a816392bcf00fddfcb58c1 cdc481ce4161daeb1d6cb) OAuth Profile (/Common/Auth_Profile) DB Instance (/Common/oauthdb) Client ID (2ec3eeb8a286f8683c13f70d65da005056be194b5e08076a)
Jun 3 09:11:14 SDCZ-F5BR-01.dummy.local notice tmm2[22726]: 01490521:5: /Common/Test12:Common:acf57247: Session statistics - bytes in: 2941, bytes out: 2725
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm2[22726]: 01990008:5: /Common/Oauth_Logon:Common:a696b8bb: [ce710a816392bcf00fddfcb58c1cdc481ce4161daeb1d6cb] New AuthCode generated for Clie nt ID 2ec3eeb8a286f8683c13f70d65da005056be194b5e08076a IP 10.0.0.1 App (Sharepoint_SubService) User agent (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36) Code-challenge ((null)) Code-challenge-method ((null)) for (JWT) Token
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm2[22726]: 01990024:5: /Common/Oauth_Logon:Common:a696b8bb: [ce710a816392bcf00fddfcb58c1cdc481ce4161daeb1d6cb] New OAuth ID Token Issued at 17 80477896 Expires at 1780478196 generated for Client ID 2ec3eeb8a286f8683c13f70d65da005056be194b5e08076a IP 10.0.0.1 App (Sharepoint_SubService) User agent (Mozilla/5.0 (Windows NT 10.0; Wi n64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36)
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm1[22726]: 01490567:5: /Common/Oauth_Logon:Common:a696b8bb: Session deleted (oauth_finished).
So I can see the Auth-ID is created but the session is deleted. What I need is to keep the session opemn so that its handed over to Test12
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm3[22726]: 01490506:5: /Common/Test12:Common:77d14b8c: Received User-Agent header: Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%2 0AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F146.0.0.0%20Safari%2F537.36.
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm3[22726]: 01490500:5: /Common/Test12:Common:77d14b8c: New session from client IP 10.0.0.1 (ST=/CC=/C=) at VIP 192.168.1.12 Listener /Commo n/user.domain.com-internal (Reputation=Unknown)
Jun 3 09:11:36 SDCZ-F5BR-01.dummy.local notice tmm3[22726]: 01490567:5: /Common/Test12:Common:77d14b8c: Session deleted (restarted).
But this is seen as a new session rather than handed over from OAuth_logon.
How do I get this done and stop the session being deleted when finishsed
- Nikoolayy1
Blobbs_001 have you read the replies by and the other people ?
