Authorize request based on JWT group claims with API protection profile

Question

Hello all!I´m trying to figure out a way to authorize requests that have been already authenticated by an Oauth scope step in the per-request policy. Conceptually it sounds quite simple: if a group is present in the JWT claims, the request should be authorized, otherwise it should be rejected.I´ve found a lab explaining how to achieve the same on Nginx plus, so I would think it should be possible with APM, nevertheless I´m unable to find a way to access the JWT payload from APM.A workaround would be to handle it with an Irule on LTM, converting the base64 content on the JWT, parsing it and checking the content, but I´d be surprised it doesn´t come out of the box with APM.TIA,Pablo

ustrum · Answer

In case someone ends up in this thread, eventually got this sorted out with irules (what else?), based on the jwt parser from this post

Forum Discussion

Authorize request based on JWT group claims with API protection profile

1 Reply

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

iRule - Authorization Bearer / Basic

OWASP Tactical Access Defense Series: Broken Object Level Authorization and BIG-IP APM

F5 Essential App Protect: Go !