Manual Chapter : Configuring an OAuth server for APM as client and resource server

Applies To:

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

You configure the OAuth servers that process requests from Access Policy Manager (APM).
For APM to play the role of an OAuth client and an OAuth resource server, configure OAuth servers with Mode set to Client + Resource Server.
  1. On the Main tab, click Access > Federation > OAuth Client / Resource Server > OAuth Server.
    The OAuth Server screen opens.
  2. Click Create.
  3. In the Name field, type a name for the object.
  4. From the Mode list, select Client + Resource Server.
    APM can use this OAuth server to request access tokens and scope details, such as an email address for the user.
    The Client Settings and Resource Server Settings areas display.
  5. From the Type list, select Okta.
  6. From the OAuth Provider list, select the Okta OAuth provider you defined.
  7. From the DNS Resolver list, select a DNS resolver (or click the plus (+) icon, create a DNS resolver, and then select it).
  8. In the Token Validation Interval field, type a number.
    If you configure a per-request policy subroutine to validate the token, the subroutine repeats at this interval or at the expiry time of the access token, whichever is shorter.
  9. In the Client Settings area, fill in these fields:
    You should have gotten a client ID and client secret when you registered APM as a client of the OAuth authorization server.
    1. In the Client ID field, type or paste the client ID.
    2. In the Client Secret field, type or paste the secret.
    3. From the Client's ServerSSL Profile Name list, select a server SSL profile.
  10. In the Resource Server Settings area, fill in these fields:
    You should have gotten an ID and secret from the OAuth authorization server when you registered APM with it.
    Social account providers supply only client ID and client secret. For social account providers, use the client ID and client secret for the client and the resource server IDs and secrets.
    1. In the Resource Server ID field, type or paste the resource server ID (for an enterprise provider).
      For a social provider, type or paste the client ID instead.
    2. In the Resource Server Secret field, type or paste the resource server secret (for an enterprise provider).
      For a social provider, type or paste the client secret instead.
    3. From the Resource Server's ServerSSL Profile Name list, select a server SSL profile.
  11. Click Finished.
    The server displays on the OAuth Servers screen.
You can now select the OAuth server that you configured from the OAuth Client and OAuth Scope agents when you configure an access policy or a per-request policy.