Forum Discussion

Cirrocumulus

Jan 31, 2023

Per Request access policy with OAuth Client Subroutine

I have a per request policy with a URI that is protected with a OAuth Client Typically this works by using 302 redirect either to /my.policy and then 302 to the OAuth server to get a new token My p...

APM SSO OAuth

devops

Juergen_Mang
Jan 31, 2023
You can replace the 302 with 401 in the HTTP_RESPONSE_RELEASE event.

Don't forget to set:

ACCESS::restrict_irule_events disable

Juergen_Mang

MVP

Have you tried the clientless mode?

when HTTP_REQUEST {
    HTTP::header insert "clientless-mode" 1
}

AlexS_yb

Cirrocumulus

Jan 31, 2023

I believe that will stop the 302 to /my.policy

but will it stop the 302 to the oauth server to get a new / or renew a OAuth access token ?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Per Request access policy with OAuth Client Subroutine

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

ASM Too many concurrent long requests

Harnessing the power of F5 BIG-IP Access Policy Manager (APM) and Microsoft

Validating JWT in per-request policy - subsession

Per-Request subroutine loop setup?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS