apm aaa oauth-server
apm aaa oauth-server(1) BIG-IP TMSH Manual apm aaa oauth-server(1)
NAME
oauth-server - Manages an OAuth Server.
MODULE
apm aaa
SYNTAX
Configure the oauth-server component within the aaa module using the
syntax shown in the following sections.
CREATE/MODIFY
create oauth-server [name]
modify oauth-server [name]
options:
app-service [[string] | none]
client-id [string]
client-secret [[string] | none]
client-serverssl-profile-name [name]
dns-resolver-name [name]
mode [client | rs | client-rs]
provider-name [name]
resource-server-id [string]
resource-server-secret [[string] | none]
resource-serverssl-profile-name [name]
rules [[string] | none]
token-validation-interval [[integer] | none]
edit oauth-server [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list oauth-server
list oauth-server [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
app-service
non-default-properties
one-line
partition
DELETE
delete oauth-server [name]
DESCRIPTION
You can use the oauth-server component to manage an OAuth Server. The
OAuth Server specifies the configuration of an OAuth Authorization
server for use by the OAuth Client or OAuth Scope agents.
EXAMPLES
create oauth-server f5Server { provider-name Google mode client
client-id myClientApplicationId
client-secret e939e21ead60c0406341c9be587a005056890213d480f456
client-serverssl-profile-name serverssl dns-resolver-name myResolver }
Creates the OAuth Server named f5Server and defines all required
options. In this example, the BIG-IP system only acquires an
access_token from Google, so the server mode is set to client and
resource server credentials are not needed.
delete oauth-server f5Server
Deletes the OAuth Server named f5Server from the system.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
client-id
Specifies the client application ID. The client application must
be configured before configuring the OAuth Server on the BIG-IP
system.
client-secret
Specifies the client application secret. The client application
must be configured at the authorization server before configuring
the OAuth Server on the BIG-IP system.
client-serverssl-profile-name
SSL profile to be used by the BIG-IP system when connecting to
the authorization server.
dns-resolver-name
DNS resolver object to be used by the OAuth Server to resolve DNS
names for endpoint URIs.
mode
The mode of operation for the OAuth Server. The options for the
mode of operation are:
  client
    The OAuth Server can be used by OAuth Client agent only. In
    this mode, you do not need to specify Resource Server credentials.
  rs
    The OAuth Server can be used by OAuth Scope agent only. In this
    mode, you do not need to specify Client Application credentials.
  client-rs
    The OAuth Server can be used by either OAuth Client or
    OAuth Scope agent. Client Application credentials and Resource
    Server credentials are required.
partition
Displays the partition within which the component resides. The
default is Common.
resource-server-id
Specifies the Resource Server ID. The Resource Server must be
configured before configuring OAuth Server on the BIG-IP system.
resource-server-secret
Specifies the Resource Server Secret. The Resource Server must be
configured before configuring OAuth Server on the BIG-IP system.
resource-serverssl-profile-name
SSL profile to be used by the BIG-IP system when connecting to
the resource server.
rules
The list of iRule events. You can apply an iRule event to modify a
request or a response (except an authorization code request from
the BIG-IP OAuth client to the OAuth authentication server).
token-validation-interval
Specifies the number of minutes that the token can remain valid.
The token becomes invalid when this interval elapses or at the
token expiry that the authentication server specifies, whichever
is shorter. When the token expires, the subsession times out.
(This setting applies only to a per-request policy).
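An added example, not part of the F5 manual: a Python pre-flight check that parses a create oauth-server command of the form shown under EXAMPLES and verifies that the credentials supplied match the mode rules described above. The function names, sample commands and placeholder secret are constructed for illustration; the parser assumes a flat list of option/value pairs with mode stated explicitly.

```python
import shlex

CLIENT_CREDS = ("client-id", "client-secret")
RS_CREDS = ("resource-server-id", "resource-server-secret")
# Credentials each mode needs, taken from the "mode" option text above.
REQUIRED = {"client": CLIENT_CREDS, "rs": RS_CREDS,
            "client-rs": CLIENT_CREDS + RS_CREDS}

# Constructed sample commands; names and secrets are placeholders.
GOOD = ("create oauth-server f5Server { provider-name Google mode client "
        "client-id myClientApplicationId client-secret EXAMPLE_SECRET "
        "client-serverssl-profile-name serverssl dns-resolver-name myResolver}")
BAD = ("create oauth-server both { provider-name Google mode client-rs "
       "client-id myClientApplicationId client-secret EXAMPLE_SECRET "
       "resource-server-id myRsId resource-server-secret none }")


def parse_create(command):
    """Split 'create oauth-server NAME { opt value ... }' into (name, options)."""
    tokens = shlex.split(command.replace("{", " { ").replace("}", " } "))
    if len(tokens) < 5 or tokens[:2] != ["create", "oauth-server"]:
        raise ValueError("not a create oauth-server command")
    name, body = tokens[2], tokens[3:]
    if body[0] != "{" or body[-1] != "}":
        raise ValueError("options must be wrapped in { }")
    pairs = body[1:-1]
    if len(pairs) % 2:
        raise ValueError("every option needs exactly one value")
    return name, dict(zip(pairs[0::2], pairs[1::2]))


def check_mode_credentials(options):
    """Return findings; an empty list means the credentials fit the mode."""
    mode = options.get("mode")
    if mode not in REQUIRED:
        return [f"mode must be client, rs or client-rs, got {mode!r}"]
    needed = REQUIRED[mode]
    findings = [f"mode {mode} requires {opt}" for opt in needed
                if options.get(opt, "none") == "none"]
    # Hygiene check added here: a secret the mode never uses is needless exposure.
    findings += [f"mode {mode} does not need {opt}"
                 for opt in CLIENT_CREDS + RS_CREDS
                 if opt not in needed and options.get(opt, "none") != "none"]
    return findings


if __name__ == "__main__":
    for cmd in (GOOD, BAD):
        name, opts = parse_create(cmd)
        print(name, check_mode_credentials(opts) or "ok")
```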
SEE ALSO
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015-2016. All rights
reserved.
BIG-IP 2017-01-20 apm aaa oauth-server(1)