
F5 oAuth Federation with client assertion type = jwt-bearer

awan_m
Cirrus

Hi - 

I am trying to set up user authentication with OAuth, and F5 is the Client + Resource provider - that needs to authenticate the user - 

Question - the options available are to send clientid and secret to get information 

is it possible to use 

client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion: A JWT that the client has signed

thanks

4 REPLIES

Leslie_Hubertus
Community Manager

Hi @awan_m - have you been able to figure this one out yet? I see nobody in the community had an answer, so I'm trying to find a colleague who can help. Hopefully someone can reply in the meantime!

Thanks for following it up - No, I have not succeeded in implementing this solution 

I need to generate a JWT and send it to my IDP - that's where I am failing 

 

Matt_Dierick
F5 Employee

Hi,

If I understand correctly, APM is set as Client and RS. It means APM will redirect the user to your AS in order to authenticate and get a token (Client role). Which grant is set in your AS? Authorization code grant?

Then APM will validate the JWT token (RS role).

By default, APM uses JWT-BEARER as insertion type, and JWT signed (not encrypted by default)

Thanks for the response 

For OpenID Connect - I have set up flow type as Hybrid - and Hybrid response type as code-idtoken-token

My identity provider is ForgeRock and the attached image shows the flow

jwt_diagram.JPG
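
The client authentication the original question asks about, sketched end to end as an added example (not part of the thread, and not F5 APM or ForgeRock code): the client builds the signed assertion and the token request, and the authorization server checks it. It uses the HMAC variant (client_secret_jwt, HS256) so it runs on the Python standard library alone; with a private key the claims and form parameters stay the same and only the signing step changes. All function names are assumptions made for the example.

```python
# Added example, not F5 or ForgeRock code; all function names are illustrative.
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def build_assertion(client_id, secret, token_endpoint, now=None, ttl=60):
    """Client side: short-lived, single-use JWT naming the client as iss and sub."""
    now = int(time.time() if now is None else now)
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": uuid.uuid4().hex, "iat": now, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_sign(secret, signing_input))

def token_request_body(code, redirect_uri, assertion):
    """Token request form body: the assertion replaces the client_secret parameter."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_assertion": assertion,
                      "client_assertion_type": ASSERTION_TYPE})

def verify_assertion(assertion, client_id, secret, token_endpoint, seen_jti, now=None):
    """Authorization-server side: returns 'ok' or the reason for rejection."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = assertion.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        if header.get("alg") != "HS256":      # pin the algorithm, do not trust the header
            return "bad alg"
        if not hmac.compare_digest(_unb64(sig), _sign(secret, head + "." + body)):
            return "bad signature"
        if claims.get("iss") != client_id or claims.get("sub") != client_id:
            return "wrong client"
        if claims.get("aud") != token_endpoint:
            return "wrong audience"
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return "expired"
        if not claims.get("jti") or claims["jti"] in seen_jti:  # one assertion, one use
            return "jti missing or reused"
    except (ValueError, AttributeError, TypeError):
        return "malformed"
    seen_jti.add(claims["jti"])
    return "ok"
```

The `aud` check and the `jti` cache are what stop an assertion captured for one token endpoint from being accepted at another or presented twice.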