Manual Chapter :
Creating an OAuth auth subroutine
Applies To:
Show Versions
BIG-IP APM
- 15.0.1, 15.0.0
Creating an OAuth auth subroutine
You should have a per-request policy, an OAuth
authentication server for authentication with Okta, and RADIUS server for authentication
with MFA.
Create the subroutines to allow continuous
checks and authentication with OAuth and MFA when the user goes to a specific
URL.
- From the Main tab, click .
- Find the policy you want to edit, and in the Per-Request Policy column, clickEdit.
- In the per-request policy, clickAdd New Subroutine.
- Name the subroutine for use with OAuth and MFA. For example,OAuth Login.
- ClickSave.
- Expand the subroutine, and click the plus to add a new item.
- Click theAuthenticationtab, selectOAuth Client, and clickAdd Item.
- Configure the OAuth client settings for your environment.
- ClickSave.
- On the Successful branch, click the plus to add a new item.
- Click theAuthenticationtab, selectOAuth Scope, and clickAdd Item.
- Configure the OAuth scope settings for your environment.
- ClickSave.
- On the Succesful branch, click the plus to add a new item.
- Click theAssignmenttab, selectVariable Assign, and clickAdd Item.
- ClickAdd new entry.
- On the left, selectCustom Variableand typesubsession.logon.last.username.
- On the right, selectSession Variableand typesubsession.oauth.client.last.id_token.preferred_username.
- Specify terminals for success and fail branches.This example shows a completed subroutine for OAuth auth.
The OAuth auth subroutine is now
configured.
Configure the MFA
subroutine, and add the subroutines to a per-request policy.
