i am trying to setup user authentication with oAuth and F5 is the Client + Resour provider - that needs to authenticate the user -
Question - the options available are to send clientid and secret to get information
is it possible to use
|client_assertion||A JWT that the client has signed|
Hi @awan_m - have you been able to figure this one out yet? I see nobody in the community had an answer, so I'm trying to find a colleague who can help. Hopefully someone can reply in the mean time!
Thanks for following it up - No i have not succeeded in implementing this solution
i need to generate a JWT and send it to my IDP - thats where i am failing
If I understand correctly, APM is set as Client and RS. It means APM will redirect the user to your AS in order to authenticate and get a token (Client role). Which grant is set in your AS ? Authorization code grant ?
Then APM will validate the JWT token (RS role).
By default, APM uses JWT-BEARER as insertion type, and JWT signed (not encrypted by default)
Thanks for the response
for openidconnect - i have setup flow type as Hybrid - and Hybrid response type as code-idtoken-token
my identity provider is forgerock asn the attached image shows teh flow