
Trouble with OAuth2 Authorization supplying JWT token

Arno_Kobarg_623
Nimbostratus

I've spent days now racking my head trying to get this to work. I have a client who needs the BIG-IP just to supply a JSON Web Token through OAuth2 Authorization on APM to an API client. They are not using a Resource server; they just want the token and their custom API will do the rest. I've configured the Access Profile and yet anything I do always comes back with the following log entry:

/Common/oath-auth-profile_act_oauth_authz_ag: OAuth mode not set for Authorization Agent: OAuth profile is not configured for this access profile.

There is no setting on the OAuth profile to enter the type of OAuth mode. Just the OAuth Client Application (which they will not be using, as they want to use direct API access to request the token).

The HTTPS logon page displays correctly (for testing) and the LDAP auth works. Once it gets to the OAuth Authorization it immediately fails and enters the above into the apm.log.

Any help would be greatly appreciated.

5 REPLIES

Walter_Kacynski
Cirrostratus

OK, I had this problem. The OAuth Authorization agent requires an HTTP POST to the uri-path specified on the profile from an OAuth2 Client. That client can be another application like Postman, Java, .NET, Node, etc., or another BIG-IP access policy (OAuth Client agent).

Marvin
Cirrostratus

Hi Walter, could you share some more details on how to craft such a POST call to test the OAuth authorization server?

Marvin
Cirrostratus

You should include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code and with that receive the JSON Web Token (JWT), if I am correct...

Marvin
Cirrostratus

Already have the answer: use Postman and select Type OAuth request 2.0 and fill in the client secret and ID and you are good to go!

dromero
Nimbostratus

Hi,

I would like to configure the same as Arno_Kobarg_623. However, we don't know how to configure Postman to include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code to receive the JSON JWT.

I can select Type OAuth 2.0 in Postman and fill in the client secret and ID, but afterwards I see the logon page, where I would like to include the username and password instead of filling in the logon page.

Thanks!!
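
The direct POST from an OAuth2 client that the replies above describe, with the username and password in the payload, written out as an added example that is not part of the original thread or F5's own code. It builds a standard RFC 6749 section 4.3 (resource owner password credentials) token request and decodes the returned JWT for inspection. Assumptions: the client application on the BIG-IP is allowed that grant type, `TOKEN_URL` is a placeholder for the token URI path on your OAuth profile, and the credentials and sample response are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder: substitute the token URI path configured on your OAuth profile.
TOKEN_URL = "https://bigip.example.com/REPLACE-WITH-TOKEN-URI-PATH"


def build_token_request(token_url, client_id, client_secret, username, password):
    """Build (but do not send) an RFC 6749 section 4.3 password-grant request."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode("ascii")
    # Client credentials travel in HTTP Basic auth, never in the URL.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token response (not captured from a real BIG-IP).
SAMPLE_RESPONSE = json.dumps({
    "access_token": ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                              _b64url({"sub": "testuser", "aud": "custom-api"}), "c2ln"]),
    "token_type": "Bearer", "expires_in": 300,
})

if __name__ == "__main__":
    req = build_token_request(TOKEN_URL, "client-id", "client-secret", "testuser", "pw")
    print(req.get_method(), req.full_url, req.data.decode())
    print(jwt_claims(json.loads(SAMPLE_RESPONSE)["access_token"]))
```

Send the request with `urllib.request.urlopen(req)` over HTTPS only, and have the consuming API verify the JWT signature against the authorization server's key before trusting any claim.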