01-Mar-2023 00:42 - edited 01-Mar-2023 00:49
Hi Folks,
I have the following challenge and I am unsure how it can be solved.
Scenario 1: Internal Access
This works like a charm. The user goes to the Web Application, clicks on the OIDC Login Link, is redirected to the Authorization Server, etc. The classic grant flow.
Scenario 2: External Access through APM Portal
The customer demand is to publish this web application through an F5 APM Webtop with single sign-on. The Web Application does not support getting the JWT from the authorization header, therefore all Bearer SSO methods are not working.
The application must go through the OAuth Grant Flow transparently for the user. This looks like the SAML Inline SSO method, but that is not possible with OAuth, or am I missing anything?
I have two ideas how this can be solved. It would be great if someone knows an even simpler method.
The new access session for the Authorization server is required, because:
First idea:
Second idea:
At initial auth-redirect Request from the Web Application:
These are the only two ideas I have to solve this challenge. However, is it really as complex as I think, or is there a really simple method I have overlooked?
05-Mar-2023 23:39
Am I really the first to stumble upon this scenario?
07-Mar-2023 18:30
Hi @Juergen_Mang - I'm hoping @Sven_Mueller can come by and answer this one.