So let's say
http://test/sso/protected/changeUser => pool backendA
http://test/sso/protected/test => pool backendA - it just dumps all the headers and cookie sent on the request
is protected by OAuth in APM,
and that I have SSO set up so that a JWT is sent to the back end (pool).
If I open a browser and go to http://test/sso/protected/test, I get sent to the OAuth server to get an OAuth token,
then my request gets sent to pool backendA and it sends an HTML page with all of my info - works.
If I go to http://test/sso/protected/changeUser and it just sends a 401, I get this on the browser okay. Then I go back to
http://test/sso/protected/test - I get not authorised.
How can I get APM or F5 to not interpret the 401 being sent by the backend pool?
Look at your SSO config - it should be set up as OAuth Bearer. You can either send all the time, or based on a 401 response, and you can send a passthrough from the OAuth IdP, or create a new JWT.
I'd be inclined to set it to create a new JWT and see whether it sends the JWT based on server response. If so, there is probably an issue with the OAuth IdP JWT (i.e. maybe it is opaque rather than JWT), so do some logging around this and dig into it.
Sorry, I wasn't clear. I send the JWT on every request - one of the requests failed some logic in the code on the back end and the return was a 401. At that point APM invalidated the SSO session and blanked out the JWT, and all further requests failed as not authorised.
I don't want the F5 to act on the 401 sent by the back end server.
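An added example, not part of the thread: a structural check for the "opaque rather than JWT" question raised in the reply, meant to be run over the Authorization header value that the header-dumping test page shows. It also reports a missing token, which is the state the follow-up describes after the 401. The sample header values are constructed, the function names are hypothetical, and no signature is verified.

```python
import base64
import binascii
import json


def _b64url_json(segment):
    """Decode one base64url segment; return the JSON object or None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except (binascii.Error, ValueError):
        return None
    return obj if isinstance(obj, dict) else None


def classify_bearer(header_value):
    """Classify an Authorization header value as jwt, opaque or missing."""
    scheme, _, token = (header_value or "").strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return {"kind": "missing"}
    parts = token.split(".")
    if len(parts) != 3:
        return {"kind": "opaque"}
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or claims is None or "alg" not in header:
        return {"kind": "opaque"}
    # Structure only: the signature is NOT verified here.
    return {"kind": "jwt", "alg": header["alg"], "claims": sorted(claims)}


def _enc(obj):
    """Helper that builds the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample header values, not taken from the thread.
SAMPLE_JWT = "Bearer " + ".".join(
    [_enc({"alg": "RS256", "typ": "JWT"}), _enc({"sub": "user1", "exp": 1700000000}), "c2ln"]
)
SAMPLE_OPAQUE = "Bearer 8f2c1d7e5a9b4c30"

if __name__ == "__main__":
    for value in (SAMPLE_JWT, SAMPLE_OPAQUE, ""):
        print(classify_bearer(value))
```

Comparing the result for a request made before the backend 401 with one made after it shows whether the header went from `jwt` to `missing`.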