We now try to set the claim with groups from the Active Directory.
With an iRule, I filtered the AD groups (from memberOf) and set a new APM variable (session.custom.groups) with this value:
yes, this is the easy part; but as we are not using the irule commands but the APM features directly to generate a JWT, i probably cant modify the resulting JWT inside an irule event?
But that wont work when F5 is acting as Authorization server, since it will generate the JWT along with the refresh token through some black-box-magic. If there is any way to modify this generated JWT with an iRule, now this would make me quite happy, but i couldnt find any way to do this.
Also, just for reference, take care when using ACCESS:oauth sign, since it will generate the Token with Base64Uriencoding (without padding), which is different from the actual APM VE config, which will do base64encoding WITH padding for some obscure reason.
Ah I see. Different use-case, same problem. I was seeing the same issue, but using APM for generating a Bearer token and not as the Authorization server, but the same issue occurs in both.
yes, this is the easy part; but as we are not using the irule commands but the APM features directly to generate a JWT, i probably cant modify the resulting JWT inside an irule event?
But that wont work when F5 is acting as Authorization server, since it will generate the JWT along with the refresh token through some black-box-magic. If there is any way to modify this generated JWT with an iRule, now this would make me quite happy, but i couldnt find any way to do this.
Also, just for reference, take care when using ACCESS:oauth sign, since it will generate the Token with Base64Uriencoding (without padding), which is different from the actual APM VE config, which will do base64encoding WITH padding for some obscure reason.
Ah I see. Different use-case, same problem. I was seeing the same issue, but using APM for generating a Bearer token and not as the Authorization server, but the same issue occurs in both.
Hi Daniel, I am looking for something similar as well that F5 should provide JWT wherin we have the claims (attributes) values. I ma new to this but I used the guided config and setup F5 as the authorization server, with Postman I can succesfully retrieve the access token and refresh token. I configured the claims in the application on the F5.
How do I actually retreive those values from F5, do I have to provide the access token to F5 as authorization header to be able to retreive this information or should it already be included shile receiving the access token? How to verify this with Postman (I am lacking oauth test APP). Could you eleborate on this and what about this RFE is this fixed now? Thanks a lot
Hi Daniel, ok thanks that makes sense so you just use GET method not POST? I just tested and F5 replies to the redirect URL with the Access token appended but I dont see any claims info. Inside the oauth profile and client application JWT checkbox is enabled, any thoughts left?
I confirm that when using token_content_type=jwt the claim variables are being set with right values except for the fact that its not responding with the JWT and claims information. The only thing is that its being redirected with parameter ?code=xxxxxxx
