Manual Chapter : Common Elements - OAuth client and resource server

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0
Manual Chapter

Common Elements - OAuth client and resource server

  1. On the Main tab, click
    Access
    Federation
    OAuth Client / Resource Server
    Request
    .
    APM supplies several preconfigured requests for these providers: AzureAD (Azure Active Directory), F5 (APM), Facebook, Google, Okta, and Ping (PingFederate from Ping Identity).
  2. On the Main tab, click
    Access
    Federation
    OAuth Client / Resource Server
    OAuth Server
    .
    The OAuth Server screen opens.
  3. From the
    Type
    list, to get OAuth authorization services from another BIG-IP system, retain the default selection
    F5
    ; otherwise select another type.
    If any providers of the selected type exist, the
    OAuth Provider
    field displays one.
  4. From the
    OAuth Provider
    list, retain the default selection or select another provider.
  5. From the
    DNS Resolver
    list, select a DNS resolver (or click the plus (
    +
    ) icon, create a DNS resolver, and then select it).
  6. If you have iRules to use, in the
    iRules
    setting move them to the
    Selected
    list.
    For detailed information on iRules, see the F5 Networks DevCentral web site,
    devcentral.f5.com
    .
  7. In the
    Token Validation Interval
    field, type a number.
    If you configure a per-request policy subroutine to validate the token, the subroutine repeats at this interval, or the expiry time of the access token, whichever is shorter.
  8. In the Client Settings area, fill in these fields:
    You should have gotten a client ID and client secret when you registered APM as a client of the OAuth authorization server.
    1. In the
      Client ID
      field, type or paste the client ID.
    2. In the
      Client Secret
      field, type or paste the secret.
    3. From the
      Client's ServerSSL Profile Name
      , select a server SSL profile.
  9. In the Resource Server Settings area, fill in these fields.
    You should have gotten an ID and secret from the OAuth authorization server when you registered APM with it.
    Social account providers supply only client ID and client secret. For social account providers, use the client ID and client secret for the client and the resource server IDs and secrets.
    1. In the
      Resource Server ID
      field, type or paste the resource server ID (for an enterprise provider).
      For a social provider, type or paste the client ID instead.
    2. In the
      Resource Server Secret
      field, type or paste the resource server secret (for an enterprise provider).
      For a social provider, type or paste the client secret instead.
    3. From the
      Resource Server's ServerSSL Profile Name
      , select a server SSL profile.
  10. Click
    Finished
    .
    The server displays on the OAuth Servers screen.
The request displays in the list on the screen.
Requests are available for selection in the OAuth Client and OAuth Scope agents when you configure an access policy or a per-request policy subroutine.