Ustrum
Jul 08, 2022Cirrus
Solved
Validating JWT in per-request policy - subsession
Hello, I´m trying to configure a per-request policy within an api protection profile so I can validate JWT tokens before allowing the request. The first time a request comes in it works like charm,...
- Jul 08, 2022
Thanks for the suggestion about gating criteria, I was finally able to work it around by:
- Triggering an iRule event on every request before the oauth scope subroutine
- Assigning perflow.custom a random value within the ACCESS_PER_REQUEST_AGENT_EVENT event
- Seting the gating criteria to perflow.custom
Needless to say, this is far too twisted for my taste, specially when the docs mention it should work by simply setting the subroutine Max Subsession Life to 0, which I am unable to set to 0 even by patching the object directly calling the iControl API I get a similar error as in the gui ("01070734:3: Configuration error: The max subsession life timeout must range from 60 to 604800 seconds.") so it might be an internal validation.