F-X_Prouvost_11
Sep 19, 2018

OAuth - scope validation request - code parameter is missing

Hello all,

I'm trying to integrate F5 (APM) and an IAM (NETIQ solution) using the OAuth protocol. So my F5 is the OAuth client, and the IAM is the authorisation + resource server (if I understood the OAuth concept correctly). So in the VPE I created an OAuth logon page + OAuth Client box + OAuth Scope box and crafted the different requests for redirect-request / token-request / scope-request / …

When I try to authenticate now, I arrive on the F5 logon page, I choose the IAM authentication method, and I'm redirected to the IAM logon page (so the redirect request works). If I authenticate, I'm redirected back to the F5 and I have a token on the F5 session (so the token-request is working and the OAuth client in the VPE is terminated and working). Now, when the F5 tries to get the scope, I have an issue. When the F5 tries to do the scope-validation-request, the resource server responds with "HTTP error 400: Invalid Request: OAuth Client Authentication Failure because code parameter is missing in the request". However, the F5 documentation says that the code should be automatically added to requests and we don't have to configure the code attribute (link: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-0-0/37.html). I also tried to add it manually, but I can't find where the code value is stored on the F5, as it's not stored in a session variable.

It's the first time I've tried to integrate OAuth with a 3rd party and I'm a little stuck now, as I don't know how to add this code parameter or why the F5 doesn't include it automatically.

Has anyone already experienced this kind of issue?

Thanks

3 Replies

  • Hi,

    Can you try using Postman with the following settings:

    POST https://as-fqdn.domain.com/f5-oauth2/v1/introspect

    And in the parameters (body) use the following data:

    token=da89ds7a8d7a98d7addsadadsads990890980s98d90s8dsa9d&resource_server_id=dsadsadadadsadsadsadadsadsadsadadsad&resource_server_secret=dadsdsadsadsadadsadadadadad

    It will work; it works for me 🙂

    Keep me updated,

    Regards,

  • Hi all... I am configuring OAuth between my F5 box and Microsoft Azure AD. I am able to get the authentication code, but then the request is not going to get the token. I am really not getting what config I am missing. Can someone please help? I am sure something is missing, but I am not sure what, as I am doing this for the first time and the F5 support document is really getting me more confused.

    • Karim

      Hi F-X Prouvost,

      What if you specified all the scopes you wanted in the "OAuth Client" agent instead of doing it in the "OAuth Scope" agent? Do you get all the scopes you want without any errors?

      I know that there will be no token validation, but I just want to see if it works like that.

      Are you using an "Opaque token"?

      Can you show the configuration of the scope request you are using in the "OAuth Scope" agent?
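
Added example, not part of the thread and not F5 or NetIQ code: a small checker for a captured form body that reports which standard parameters are missing for a token request (RFC 6749 section 4.1.3) versus a token introspection request (RFC 7662 section 2.1), and masks secrets before the body is pasted into a ticket. The sample bodies and placeholder values are constructed; whether the IAM in the original post follows these parameter sets is an assumption.

```python
from urllib.parse import parse_qs

# Form parameters each request type must carry.
REQUIRED = {
    # RFC 6749 section 4.1.3: exchanging the authorization code for a token
    "token_request": {"grant_type", "code"},
    # RFC 7662 section 2.1: asking the server about an already issued token
    "introspection": {"token"},
}
SENSITIVE = {"code", "token", "client_secret", "resource_server_secret"}


def parse_form(body):
    """Parse an x-www-form-urlencoded body; reject duplicate parameters."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    dupes = sorted(k for k, v in fields.items() if len(v) > 1)
    if dupes:
        raise ValueError(f"duplicate parameters: {dupes}")
    return {k: v[0] for k, v in fields.items()}


def missing(kind, body):
    """Return the required parameters that are absent or empty."""
    fields = parse_form(body)
    return sorted(p for p in REQUIRED[kind] if not fields.get(p))


def classify(body):
    """Name the request type whose required parameters the body satisfies."""
    matches = [k for k in REQUIRED if not missing(k, body)]
    return matches[0] if len(matches) == 1 else "ambiguous" if matches else "unknown"


def redact(body):
    """Render the decoded body with secret values masked, for logs or tickets."""
    fields = parse_form(body)
    return "&".join(f"{k}={'***' if k in SENSITIVE else v}" for k, v in fields.items())


# Constructed sample bodies (placeholder values, not real credentials).
TOKEN_REQ = "grant_type=authorization_code&code=SAMPLE_CODE&redirect_uri=https%3A%2F%2Fclient.example%2Fcb"
# Same field names as the introspect body shown in the first reply.
SCOPE_REQ = "token=SAMPLE_TOKEN&resource_server_id=SAMPLE_ID&resource_server_secret=SAMPLE_SECRET"

if __name__ == "__main__":
    for name, body in (("token", TOKEN_REQ), ("scope", SCOPE_REQ)):
        print(name, classify(body), redact(body))
    # What an endpoint applying token-request rules would find missing:
    print(missing("token_request", SCOPE_REQ))
```

Comparing the `missing()` output for a captured scope-validation body against the parameter named in the server's 400 response shows which request type the receiving endpoint is validating against.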