openid
3 TopicsOpenID Prompt support
I am trying to get our Android application to authenticate with an F5 backend using OpenID. I found that when we send an authorization request with the prompt field set to login, the F5 server does NOT prompt the user to enter their credentials. Is this supported by F5 and if so, is there instructions that I can send to our customer. Thank you in advance for any help. For more information: From https://openid.net/specs/openid-connect-core-1_0.html: prompt OPTIONAL. Space delimited, case sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: none The Authorization Server MUST NOT display any authentication or consent user interface pages. An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent for the requested Claims or does not fulfill other conditions for processing the request. The error code will typically belogin_required,interaction_required, or another code defined inSection3.1.2.6. This can be used as a method to check for existing authentication and/or consent. login The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typicallylogin_required. consent The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typicallyconsent_required. select_account The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, typicallyaccount_selection_required.443Views0likes0Commentsoauth server generated jwt token problem
Hi all, We have a customer try to do oauth with a dovecot server, they have the following problems using the f5 as a oauth server: The "typ" jwt header is missing, this should be set to "JWT". F5 set the JWT token nbf (not valid before) to some minutes in the past, this breaks dovecot auth. Customer want to use the following oauth features, are these supported? https://openid.net/specs/openid-connect-frontchannel-1_0.html https://openid.net/specs/openid-connect-backchannel-1_0.html Do you know how the above could be customized in f5 to set to values the dovecot would accept? Thank you for any hint. Peter1.2KViews3likes5CommentsAPM as Oauth Authorization server
I am trying to figure out how to setup APM as an Authorization server for ESRI portal. Any ideas you could provide would be appreciated. Current F5 Setup: Running version 14.1.4.4 I have configured Oauth using guided configure and OAuth Authorization server Oauth profile: Is not using Opaque Token as I read that can cause issues but I am usingsupport for JWT and OpenID connect enabled. Client Application using OpenID Connect and Secret I have tried different scopes but not exactly sure what I need to define and what should be sent as part of default openID. Single Virtual server that has Access profile tied to it Access profile with Login page, AD auth and Oauth_authorization. Profile has Oauth profile tied to it. ESRI setup: I have populated Client ID and secret from client application created on F5 side I am using default scopes (openid email and profile) Other information: When I try to connect I get did not receive user profile parameter from the provider If I connect ESRI to google as the providor I have no issues so it is something I am missing on my APM config. I have tried a bunch of the configuration guides but not sure what I am missing. Want to be able to use openid via oauth version 2.0 that will use on prem Active directory idenity to login to a cloud application. Questions: Is there something obvious that I am missing in order for the service providor to be able to get user profile information from apm? From what I read you need to defind scopes but do you need to defind scopes for openid or profile? If so what do you use for the value on those scopes? Thanks NolanSolved3.3KViews0likes4Comments