authorization server
2 Topics

WAF for APM Oauth Authorization VS
Hi, we are testing the use of F5 as an OAuth Authorization Server and also a Resource Server. We have a WAF policy attached to the VS representing the Resource Server, which has an IIS server behind it. Since the VS of the Auth Server will only utilize APM capabilities and won't actually have any application/web server behind it, I'm wondering if it's advised to add a WAF policy for this VS. I was told it's not necessary but I find it odd, since attackers can still try to attack the F5 itself. Any thoughts?

Solved, 182 Views, 0 likes, 7 Comments

APM policy with external logon page for authorization server
Hi All, we are using APM as an authorization server and an external logon page has been configured in the access policy. The external logon page is configured to capture the credentials and then post them back to /my.policy as an Ajax call (for a better user experience). The problem is the response from the AS. It redirects to the resource, for example:

https://resource.example.com/oauth/client/redirect?error=access_denied&state=5x8IL
https://resource.example.com/oauth/client/redirect?code=89d016e1c70140c52441bf5aad&state=5DqyFME-D

I tried to change the response by iRule events and http::respond to 200 OK / 401 Unauthorized but it's not working. Any ideas? Thanks for your assistance in advance.

278 Views, 0 likes, 0 Comments