Manual Chapter : Creating an OAuth auth subroutine

Applies To:

BIG-IP APM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

Creating an OAuth auth subroutine

You should have a per-request policy, an OAuth authentication server for authentication with Okta, and a RADIUS server for authentication with MFA.
Create the subroutines to allow continuous checks and authentication with OAuth and MFA when the user goes to a specific URL.
  1. From the Main tab, click Access > Profiles / Policies > Per-Request Policies.
  2. Find the policy you want to edit, and in the Per-Request Policy column, click Edit.
  3. In the per-request policy, click Add New Subroutine.
  4. Name the subroutine for use with OAuth and MFA. For example, OAuth Login.
  5. Click Save.
  6. Expand the subroutine, and click the plus to add a new item.
  7. Click the Authentication tab, select OAuth Client, and click Add Item.
  8. Configure the OAuth client settings for your environment.
  9. Click Save.
  10. On the Successful branch, click the plus to add a new item.
  11. Click the Authentication tab, select OAuth Scope, and click Add Item.
  12. Configure the OAuth scope settings for your environment.
  13. Click Save.
  14. On the Successful branch, click the plus to add a new item.
  15. Click the Assignment tab, select Variable Assign, and click Add Item.
  16. Click Add new entry.
  17. On the left, select Custom Variable and type subsession.logon.last.username.
  18. On the right, select Session Variable and type subsession.oauth.client.last.id_token.preferred_username.
  19. Specify terminals for success and fail branches.
    This example shows a completed subroutine for OAuth auth.
The OAuth auth subroutine is now configured.
Configure the MFA subroutine, and add the subroutines to a per-request policy.
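
A pre-check for steps 17 and 18, as an added example that is not part of the F5 manual: it decodes an ID token payload and confirms that the preferred_username claim, which the Variable Assign copies into subsession.logon.last.username, is present and non-empty. The token is constructed and unsigned, the function names are hypothetical, and the claim-to-variable naming is assumed from the variable shown in step 18; signature validation is left to APM.

```python
import base64
import json

# Prefix taken from the session variable typed in step 18 of the procedure.
PREFIX = "subsession.oauth.client.last.id_token."
REQUIRED_CLAIM = "preferred_username"


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(token):
    """Return the payload claims of a compact JWT.

    Inspection only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def username_mapping(token):
    """Return (source variable, value) the Variable Assign would copy."""
    value = id_token_claims(token).get(REQUIRED_CLAIM)
    if not isinstance(value, str) or not value.strip():
        raise LookupError(f"ID token has no usable {REQUIRED_CLAIM!r} claim")
    return PREFIX + REQUIRED_CLAIM, value


def make_sample(claims):
    """Build a constructed, unsigned token for the demo (not a real Okta token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    sample = make_sample({"sub": "constructed-sub", "preferred_username": "jdoe@example.com"})
    source, value = username_mapping(sample)
    print(f"subsession.logon.last.username <- {source} = {value}")
```

A LookupError here means the username handed to the MFA subroutine would be empty, so check the identity provider's claim configuration before building the policy.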