01-Mar-2023 00:42 - edited 01-Mar-2023 00:49
Hi Folks,
I have the following challenge and I am unsure how it can be solved.
Scenario 1: Internal Access
This works like a charm. The user goes to the Web Application, clicks on the OIDC Login Link, is redirected to the Authorization Server, etc. The classic grant flow.
Scenario 2: External Access through APM Portal
The customer demand is to publish this web application through an F5 APM Webtop with single sign-on. The Web Application does not support getting the JWT from the authorization header, therefore all Bearer SSO methods are not working.
The application must go through the OAuth Grant Flow transparently for the user. This looks like the SAML Inline SSO method, but that is not possible with OAuth, or am I missing anything?
I have two ideas how this can be solved. It would be great if someone knows an even simpler method.
The new access session for the Authorization server is required, because:
First idea:
Second idea:
At initial auth-redirect Request from the Web Application:
These are the only two ideas I have to solve this challenge. However, is it really as complex as I think, or is there a really simple method I have overlooked?
05-Mar-2023 23:39
Am I really the first to stumble upon this scenario?
06-Jun-2023 04:10
Hi @Juergen_Mang, we have exactly the same problem with the implementation of the web portal. Could you tell me, please, did you manage to choose the easiest option? The first option seems to be pretty easy.
06-Jun-2023 23:54
No, the project is actually on hold.
I tend to implement option 2, because we must not publish the OAuth server and keep the communication internal.
07-Mar-2023 18:30
Hi @Juergen_Mang - I'm hoping @Sven_Mueller can come by and answer this one.