APM Oauth clintless mode
Hi, We currently have the following setup: client( not a web browser) sends a post request to an internal oauth server with the following parameters: username: some_user password: some_pass scope: some_scope grant_type: some_grant if the client passes the authentication he receives a bearer access token which is inserted to the header on the response. Then he can access and use the rest api. We want to integrate F5 into the current scenario so it will act as a client/resource provider( I hope those are the right terms) and then will check the validity of the access token. I'm pretty new to all of the terms and the process of getting an access token, I have read couple of posts on devcentral, guides on f5 clouddocs and on ask f5 and started to play around with it. Those are the resources I've used so far: https://devcentral.f5.com/questions/apm-authentication-for-a-sessionless-and-clientless-api-62162 https://clouddocs.f5.com/training/community/iam/html/class2/module1/module1.html https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-single-sign-on-concepts-configuration-14-1-0/04.html https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-authentication-and-single-sign-on-14-0-0/38.html I have a very general idea how its supposed to work: Client sends a POST request to a VS with apm. An irule will check the request and insert clientless mode. somehow I need to parse the POST parameters and assign them to the appropriate APM variables. There must be a provider configuration and a request configuration ( with the appropriate variables which were parsed ). F5 requests an access token from the oauth server and if successful then on the response it inserts a bearer header with the received access token. The client sends requests to the api which is configured behind a different VS with a per request AP which will verify his bearer token and the scope with the Oauth server. I would like to know if that's something possible to achieve and where and how to start. Thanks, Alex
APM clientless inquiry
Hello Can we consider network access in APM as a client connection not clientless ?! Why we are giving connected users by clicking on network access IP from assigned pool ?! In normal clientless VPN when user connectes termination device uses his IP to contact servers right ? When I got a packet capture from backend server I found that there is no connection coming from user IP which take from pool but all connections from F5 local self IPAPM clientless inquiry
Hello Can we consider network access in APM as a client connection not clientless ?! Why we are giving connected users by clicking on network access IP from assigned pool ?! In normal clientless VPN when user connectes termination device uses his IP to contact servers right ? When I got a packet capture from backend server I found that there is no connection coming from user IP which take from pool but all connections from F5 local self IPAPM clientless inquiry
Hello Can we consider network access in APM as a client connection not clientless ?! Why we are giving connected users by clicking on network access IP from assigned pool ?! In normal clientless VPN when user connectes termination device uses his IP to contact servers right ? When I got a packet capture from backend server I found that there is no connection coming from user IP which take from pool but all connections from F5 local self IP