apm aaa oauth-provider
apm aaa oauth-provider(1) BIG-IP TMSH Manual apm aaa oauth-provider(1)
NAME
oauth-provider - Manages an OAuth Provider.
MODULE
apm aaa
SYNTAX
Configure the oauth-provider component within the aaa module using the
syntax shown in the following sections.
CREATE/MODIFY
create oauth-provider [name]
modify oauth-provider [name]
options:
allow-self-signed-jwk-cert [bool]
app-service [[string] | none]
authentication-uri [[string] | none]
auto-jwt-config-name [[string] | none]
description [[string] | none]
ignore-expired-cert [bool]
last-discovery-time [date/time]
manual-jwt-config-name [[string] | none]
max-json-nesting-layers [integer]
max-response-size [integer]
openid-cfg-uri [[string] | none]
save-json-payload [enabled | disabled]
token-uri [[string] | none]
token-validation-scope-uri [[string] | none]
trusted-ca-bundle [[string] | none]
type [custom | f5 | facebook | google | ping]
use-auto-jwt-config [bool]
userinfo-request-uri [[string] | none]
edit oauth-provider[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list oauth-provider
list oauth-provider [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
app-service
non-default-properties
one-line
partition
DELETE
delete oauth-provider [name]
DESCRIPTION
You can use the oauth-provider component to manage an OAuth Provider.
The OAuth Provider specifies endpoint URIs to retrieve token, refresh
token, validate token, get a list of scopes associated with token and
redirect user to obtain authorization_code. It specifies URIs to
retrieve userinfo and to perform OpenID discovery to retrieve JSON web
tokens and JSON web keys.
EXAMPLES
create oauth-provider f5Provider { authentication-uri
https://local.f5.com/f5-oauth2/v1/authorize auto-jwt-config-name
auto_jwt_f5Provider last-discovery-time 2017-06-09:07:48:57 openid-cfg-
uri
https://f5-oauth.local/f5-oauth2/v1/.well-known/openid-configuration
description "OAuth provider defines F5 AS" token-uri
https://local.f5.com/f5-oauth2/v1/token token-validation-scope-uri
https://local.f5.com/f5-oauth2/v1/validate trusted-ca-bundle
ca-bundle.crt type f5 }
Creates the OAuth Provider named f5Provider of type f5, defines
all endpoint URIs to the local Authorization Server.
delete oauth-provider f5Provider
Deletes the OAuth Provider named f5Provider from the system.
OPTIONS
allow-self-signed-jwk-cert
Specifies whether creating JWK config containing self-signed
certificate is allowed. The default value is yes.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
authentication-uri
The endpoint URI that is used to redirect user for authentication
in order to get authorization_code. This endpoint is used by
OAuth Client agent, when grant type is configured to Authorization
Code.
auto-jwt-config-name
Specifies the name of the auto-discovered JWT config.
description
Specifies a description for the component. The default is none.
ignore-expired-cert
Specifies whether the expired AS certificate enforcement is to be
ignored. The default value is false.
last-discovery-time
Specifies the last time JWT config and JWK config were auto-
discovered.
manual-jwt-config-name
Specifies the name of the manually created JWT config.
max-json-nesting-layers
Specifies the maximum nesting layers of JSON responses that will
be processed and stored. The default value is 8.
max-response-size
Specifies the size limit for all responses from all endpoints of
the provider. The default value is 128kb.
openid-cfg-uri
The endpoint URI that is used to pull JSON web tokens and JSON web
keys from Authorization server. This endpoint is used by OAuth
Client agent.
save-json-payload
Specifies whether the entire JSON text is to be saved in a session
variable. The default value is false.
partition
Displays the partition within which the component resides. The
default is Common.
token-uri
The endpoint URI that is used to retrieve an access_token. This
endpoint is used by OAuth Client agent.
token-validation-scope-uri
The endpoint URI that is used by OAuth Scope agent, in order to
retrieve a list of scopes associated with an access_token. The
same URI is used to validate an access_token by OAuth Client
agent.
trusted-ca-bundle
Specifies the trusted CA bundle for AS certificate that is used
for autodiscovery of JSON web tokens and JSON web keys.
type The type of the provider.
use-auto-jwt-config
Specifies whether the OAuth Provider uses auto-discovered JWT
config specified in auto-jwt-config-name or manually created JWT
config specified in manual-jwt-config-name. The default value is
true.
userinfo-request-uri
The endpoint URI that is used to request userinfo information.
This endpoint is used by OAuth Scope agent.
custom The provider is using a custom Authorization Server.
azure-ad The provider is using an AzureAD Authorization Server.
azure-ad-b2c The provider is using an AzureAD-B2C Authorization
Server.
f5 The provider is using an F5 Authorization Server.
facebook The provider is Facebook Authorization Server.
google The provider is Google Authorization Server.
okta The provider is using an Okta Authorization Server.
ping The provider is Ping Identity Authorization Server.
Default value for provider type is f5.
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015-2016, 2017. All
rights reserved.
BIG-IP 2018-01-18 apm aaa oauth-provider(1)