I have the following challenge and I am unsure how it can be solved.
Scenario 1: Internal Access
This works like a charm. The user goes to the Web Application, clicks on the OIDC Login Link, is redirected to the Authorization Server, etc. The classic grant flow.
Scenario 2: External Access through APM Portal
The customer demand is to publish this web application through an F5 APM Webtop with single sign-on. The Web Application does not support getting the JWT from the Authorization header, therefore none of the Bearer SSO methods work.
The application must go through the OAuth Grant Flow transparently for the user. This looks like the SAML Inline SSO method, but that is not possible with OAuth, or am I missing something?
I have two ideas how this could be solved. It would be great if someone knows an even simpler method.
The new access session for the Authorization Server is required because:
At the initial auth-redirect request from the Web Application:
These are the only two ideas I have to solve this challenge. However, is it really as complex as I think, or is there a really simple method I have overlooked?