apm aaa oauth-server

apm aaa oauth-server(1) 				BIG-IP TMSH Manual				   apm aaa oauth-server(1)

NAME
       oauth-server - Manages an OAuth Server.

MODULE
       apm aaa

SYNTAX
       Configure the oauth-server component within the aaa module using the syntax shown in the following sections.

   CREATE/MODIFY
	create oauth-server [name]
	modify oauth-server [name]
	  options:
	   app-service [[string] | none]
	   client-id [string]
	   client-secret [[string] | none]
	   client-serverssl-profile-name [name]
	   dns-resolver-name [name]
	   client-jwe-key [name]
	   mode [client | rs | client-rs]
	   provider-name [name]
	   resource-server-id [string]
	   resource-server-secret [[string] | none]
	   resource-serverssl-profile-name [name]
	   rules [[string] | none]
	   token-validation-interval [[integer] | none]

	edit oauth-server [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list oauth-server
	list oauth-server [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    app-service
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete oauth-server [name]

DESCRIPTION
       You can use the oauth-server component to manage an OAuth Server.  The OAuth Server specifies the configuration of an OAuth
       Authorization server for use by the OAuth Client or OAuth Scope agents.

EXAMPLES
       create oauth-server f5Server { provider-name Google mode client client-id myClientApplicationId client-secret
       e939e21ead60c0406341c9be587a005056890213d480f456 client-serverssl-profile-name serverssl dns-resolver-name myResolver }
	    Creates the OAuth Server named f5Server and defines all required options. In this example, the BIG-IP system only
	    acquires an access_token from Google, so the server mode is set to client and resource server credentials are not
	    needed.

       delete oauth-server f5Server
	    Deletes the OAuth Server named f5Server from the system.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
	    object. Only the application service can modify or delete the object.

       client-id
	    Specifies the client application ID. The client application must be configured before configuring the OAuth Server on
	    the BIG-IP system.

       client-secret
	    Specifies the client application secret. The client application must be configured at the authorization server before
	    configuring the OAuth Server on the BIG-IP system.

       client-serverssl-profile-name
	    SSL profile to be used by the BIG-IP system when connecting to the authorization server.

       dns-resolver-name
	    DNS resolver object to be used by OAuth Server to resolve DNS names for endpoint URIs.

       client-jwe-key
	    Private key to be used by the Client Application to decrypt the JWE ID token received. The key must already exist
	    before you configure the OAuth Server on the BIG-IP system.

       mode
	    The mode of operation for the OAuth Server. The options for the mode of operation are:

	    client
		 The OAuth Server can be used by OAuth Client agent only. In this mode, you do not need to specify Resource
		 Server credentials.

	    rs
		 The OAuth Server can be used by OAuth Scope agent only. In this mode, you do not need to specify Client
		 Application credentials.

	    client-rs
		 The OAuth Server can be used by either OAuth Client or OAuth Scope agent. Client Application credentials and
		 Resource Server credentials are required.

       partition
	    Displays the partition within which the component resides. The default is Common.

       resource-server-id
	    Specifies the Resource Server ID. The Resource Server must be configured before configuring OAuth Server on the BIG-IP
	    system.

       resource-server-secret
	    Specifies the Resource Server Secret. The Resource Server must be configured before configuring OAuth Server on the
	    BIG-IP system.

       resource-serverssl-profile-name
	    SSL profile to be used by the BIG-IP system when connecting to the resource server.

       rules
	    The list of iRule events. You can apply an iRule event to modify a request or a response (except an authorization code
	    request from the BIG-IP OAuth client to the OAuth authentication server).

       token-validation-interval
	    Specifies the number of minutes that the token can remain valid. The token becomes invalid when this interval elapses
	    or at the token expiry that the authentication server specifies, whichever is shorter. When the token expires, the
	    subsession times out. (This setting applies only to a per-request policy).
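
       The credential requirements listed under mode can be checked before a change is applied. The Python script below is an
       added example, not F5 code: it assumes a flat stanza in the one-line form shown under EXAMPLES with mode stated
       explicitly, and the function names, the apiGate object and the EXAMPLE-SECRET values are hypothetical.

```python
import shlex

# Credential options each mode needs, as read from the OPTIONS text above.
CLIENT = {"client-id", "client-secret"}
RS = {"resource-server-id", "resource-server-secret"}
REQUIRED = {"client": CLIENT, "rs": RS, "client-rs": CLIENT | RS}
SECRETS = {"client-secret", "resource-server-secret"}


def parse_stanza(text):
    """Parse 'oauth-server NAME { key value ... }' into (name, options)."""
    head, _, rest = text.partition("{")
    body, closed, _ = rest.rpartition("}")
    if not closed:
        raise ValueError("stanza has no closing brace")
    name = head.split()[-1]
    tokens = shlex.split(body)
    if len(tokens) % 2:
        raise ValueError("option without a value in stanza for " + name)
    return name, dict(zip(tokens[0::2], tokens[1::2]))


def lint(text):
    """Return a list of findings for one stanza; an empty list means clean."""
    name, opts = parse_stanza(text)
    set_opts = {k for k, v in opts.items() if v != "none"}
    mode = opts.get("mode")
    if mode not in REQUIRED:
        return [f"{name}: mode {mode!r} is not client, rs or client-rs"]
    findings = [f"{name}: mode {mode} requires {opt}"
                for opt in sorted(REQUIRED[mode] - set_opts)]
    # Assumption (not from the manual): a secret the mode never uses is
    # reported so it can be removed from the stored configuration.
    findings += [f"{name}: {opt} is set but unused in mode {mode}"
                 for opt in sorted((SECRETS - REQUIRED[mode]) & set_opts)]
    return findings


# Constructed samples in the one-line form used under EXAMPLES.
GOOD = ("oauth-server f5Server { provider-name Google mode client "
        "client-id myClientApplicationId client-secret EXAMPLE-SECRET "
        "client-serverssl-profile-name serverssl dns-resolver-name myResolver }")
BAD = ("oauth-server apiGate { provider-name Google mode client-rs "
       "client-id myClientApplicationId client-secret EXAMPLE-SECRET "
       "resource-server-id myResourceServer resource-server-secret none }")

if __name__ == "__main__":
    for stanza in (GOOD, BAD):
        print(lint(stanza) or "ok")
```

       Stanzas that contain nested braces are outside what this parser handles.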

SEE ALSO
COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015-2016. All rights reserved.

BIG-IP							    2021-11-25					   apm aaa oauth-server(1)