F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Access Policy Manager: Implementing Zero Trust with Per-Request Policies
  3. Seamless OAuth with Okta and MFA
  4. Configuring an OAuth server for APM as client and resource server
Manual Chapter : Configuring an OAuth server for APM as client and resource server

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Configuring an OAuth server for APM as client and resource server

You configure the OAuth servers that process requests from Access Policy Manager (APM).
For APM to play the role of an OAuth client and an OAuth resource server, configure OAuth servers with
Mode
 set to
Client + Resource Server
.
  1. On the Main tab, click
    Access
    Federation
    OAuth Client / Resource Server
    OAuth Server
    .
    The OAuth Server screen opens.
  2. Click
    Create
    .
  3. In the
    Name
     field, type a name for the object.
  4. From the
    Mode
     list, select
    Client + Resource Server
    .
    APM can use this OAuth server to request access tokens and scope details, such as an email address for the user.
    The Client Settings and Resource Server Settings areas display.
  5. From the
    Type
     list, select
    Okta
    .
  6. From the
    OAuth Provider
     list, select the Okta OAuth provider you defined.
  7. From the
    DNS Resolver
     list, select a DNS resolver (or click the plus (
    +
    ) icon, create a DNS resolver, and then select it).
  8. In the
    Token Validation Interval
     field, type a number.
    If you configure a per-request policy subroutine to validate the token, the subroutine repeats at this interval, or the expiry time of the access token, whichever is shorter.
  9. In the Client Settings area, fill in these fields:
    You should have gotten a client ID and client secret when you registered APM as a client of the OAuth authorization server.
    1. In the
      Client ID
       field, type or paste the client ID.
    2. In the
      Client Secret
       field, type or paste the secret.
    3. From the
      Client's ServerSSL Profile Name
      , select a server SSL profile.
  10. In the Resource Server Settings area, fill in these fields.
    You should have gotten an ID and secret from the OAuth authorization server when you registered APM with it.
    Social account providers supply only client ID and client secret. For social account providers, use the client ID and client secret for the client and the resource server IDs and secrets.
    1. In the
      Resource Server ID
       field, type or paste the resource server ID (for an enterprise provider).
      For a social provider, type or paste the client ID instead.
    2. In the
      Resource Server Secret
       field, type or paste the resource server secret (for an enterprise provider).
      For a social provider, type or paste the client secret instead.
    3. From the
      Resource Server's ServerSSL Profile Name
      , select a server SSL profile.
  11. Click
    Finished
    .
    The server displays on the OAuth Servers screen.
You can now select the OAuth server that you configured from the OAuth Client and OAuth Scope agents when you configure an access policy or a per-request policy.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information