Arno_Kobarg_623
Jan 31, 2018

Trouble with OAuth2 Authorization supplying JWT token

I've spent days now racking my head trying to get this to work. I have a client who needs the BIG-IP just to supply a JSON Web Token through OAuth2 Authorization on APM to an API client. They are not using a Resource server; they just want the token and their custom API will do the rest. I've configured the Access Profile and yet anything I do always comes back with the following log entry:

 

/Common/oath-auth-profile_act_oauth_authz_ag: OAuth mode not set for Authorization Agent: OAuth profile is not configured for this access profile.

 

There is no setting on the OAuth profile to enter the type of OAuth mode. Just the OAuth Client Application (which they will not be using as they want to use direct API access to request the token).

 

The HTTPS logon page displays correctly (for testing) and the LDAP auth works. Once it gets to the OAuth Authorization it immediately fails and enters the above into the apm.log.

 

Any help would be greatly appreciated.

 

5 Replies

  • OK, I had this problem. The OAuth Authorization agent requires an HTTP POST to the uri-path specified on the profile from an OAuth2 Client. That client can be another application like Postman, Java, .NET, Node, etc., or another BIG-IP access policy (OAuth Client agent).

     

  • Marvin

    Hi Walter, could you share some more details on how to craft such a POST call to test the OAuth authorization server?

  • Marvin

    You should include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code and with that receive the JSON Web Token (JWT), if I am correct...

  • Marvin

    Already have the answer: use Postman and select Type OAuth request 2.0 and fill in the client secret and ID and you are good to go!

  • Hi,

    I would like to configure the same as Arno_Kobarg_623. However, we don't know how to configure Postman to include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code to receive the JSON JWT.

    I can select Type OAuth 2.0 in Postman and fill in the client secret and ID, but afterwards I see the logon page, where I would like to include the username and password instead of filling in the logon page.

    Thanks!!
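
Added example, not part of the thread and not F5's own code: the POST the replies describe, built as an RFC 6749 resource owner password credentials request so that the username and password travel in the token request instead of through a logon page, plus a helper that decodes the returned JWT for inspection. It assumes the OAuth client application is allowed that grant type; `TOKEN_URL` is a placeholder and the sample response is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder, not a real BIG-IP path: use the token uri-path set on your OAuth profile.
TOKEN_URL = "https://bigip.example.test/TOKEN-URI-PATH"


def build_token_request(client_id, client_secret, username, password, scope=None):
    """Build (without sending) an RFC 6749 section 4.3 password-grant POST."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode("ascii")
    # Client id/secret travel in HTTP Basic, so they stay out of the form body.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token_response_text):
    """Return (header, claims) of access_token for debugging; verifies nothing."""
    token = json.loads(token_response_text)["access_token"]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access_token is not a three-part JWT (opaque token?)")
    return tuple(json.loads(_b64url_decode(p)) for p in parts[:2])


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token response (not BIG-IP output); the signature is a dummy.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": 300,
    "access_token": ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                              _b64url({"sub": "testuser", "scope": "api"}), "c2ln"])})

if __name__ == "__main__":
    req = build_token_request("my-client-id", "my-client-secret", "testuser", "secret")
    print(req.get_method(), req.full_url, req.data.decode())
    print(inspect_jwt(SAMPLE_RESPONSE))
```

Pass the built request to `urllib.request.urlopen` to send it; the API that consumes the token must still verify the signature, since `inspect_jwt` only decodes.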