I've spent days now racking my head trying to get this to work. I have a client who needs the BIG-IP just to supply a JSON Web Token through OAuth2 Authorization on APM to an API client. They are not using a Resource server, they just want the token and their custom API will do the rest. I've configured the Access Profile and yet anything I do always comes back with the following log entry:
/Common/oath-auth-profile_act_oauth_authz_ag: OAuth mode not set for Authorization Agent: OAuth profile is not configured for this access profile.
There is no setting on the OAuth profile to enter the type of OAuth mode. Just the OAuth Client Application (which they will not be using as they want to use direct API access to request the token).
The HTTPS logon page displays correctly (for testing) and the LDAP auth works. Once it gets to the OAuth Authorization it immediately fails and enters the above into the apm.log.
Any help would be greatly appreciated.
OK, I had this problem. The OAuth Authorization agent requires an HTTP POST to the uri-path specified on the profile from an OAuth2 Client. That client can be another application like Postman, Java, .NET, Node, etc., or another BIG-IP access policy (OAuth Client agent).
You should include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code and with that receive the JSON Web Token (JWT) if I am correct...
I would like to configure the same as Arno_Kobarg_623. However, we don't know how to configure Postman to include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code to receive the JSON JWT.
I can select Type OAuth 2.0 in Postman and fill in the client secret and ID, but afterwards I see the logon page, where I would like to include the username and password instead of filling in the logon page.