apm oauth jwk-config
apm oauth jwk-config(1) BIG-IP TMSH Manual apm oauth jwk-config(1)
NAME
jwk-config - Manages JSON Web Keys to be used with Authorization
Server/Client/Resource Server
MODULE
apm oauth
SYNTAX
Configure the jwk-config component within the oauth module using the
following syntax.
CREATE/MODIFY
create jwk-config [name]
modify jwk-config [name]
options:
alg-type [none | HS256 | HS384 | HS512 | RS256 | RS384 | RS512 |
ES256 | ES384]
app-service [[string] | none]
auto-generated [enabled | disabled]
cert [certificate-name | none]
cert-chain [chain-name | none]
cert-key [key-name | none]
cert-thumbprint-sha1 [[string] | none]
cert-thumbprint-sha256 [[string] | none]
curve [[string] | none]
include-x5c [enabled | disabled]
key-id [[string] | none]
key-type [rsa | octet | elliptic-curve]
key-use [signing]
modulus [[string] | none]
passphrase [[string] | none]
public-exponent [[string] | none]
shared-secret [[string] | none]
use-client-secret [true | false]
x-coordinate [[string] | none]
y-coordinate [[string] | none]
edit jwk-config [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DISPLAY
list jwk-config
list jwk-config [ [ [name] | [glob] | [regex] ] ... ]
show running-config jwk-config
show running-config jwk-config [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DELETE
delete jwk-config [name]
DESCRIPTION
You can use the jwk-config component to configure a cryptographic JSON
Web Key. This key may be used by the Authorization server to sign JSON
Web Tokens or by the Client/Resource Server to verify the JSON Web
Token signature.
EXAMPLES
create jwk-config myJwk {
alg-type RS256
key-id b2719f31c6ba1e5fe664fbb1bf0f7c05b3d3a0a1
modulus ovtSwEWv9Q97JbB5Knfq4iAn8gl-ONzsFoxEasbh9-l4CgeTImIXH31cOxu5tjVjAxeFifPW9w8EdEa-o8kUSJ40Fp2qMRN9wFAHmu5pmS70Vlm4brg4Rc2jk8XMahNKoZ6AY1sIs_6e_JsiLMvEP8btu1iOpZri5fS9MjbWC9IOW1Vpy9MB8hp7IUZ4nwWBcWmT4NIUmR1QF9-fDmWsF0JUXfjAm1__cAJN7K3EcMOhLwWkVvrr1U0bpeRLprTUKpRNER-nq-pA0b2t5U56rFAAws-5ydNw4coa2dS3AJrmnaCSS4BZubpRYGh8ScTBxQlZm74f1Sty8H7gUeysFw
public-exponent AQAB
}
Creates a JSON Web Key named myJwk that uses algorithm RS256.
create jwk-config myJwk {
alg-type RS256
key-id b2719f31c6ba1e5fe664fbb1bf0f7c05b3d3a0a1
cert myCrt.crt
cert-key myKey.key
}
Creates a JSON Web Key named myJwk that will automatically generate
other fields based on the values in 'cert' and 'cert-key'. This
JSON Web Key uses algorithm RS256 and can be used by the
Authorization server to sign JSON Web Tokens.
list jwk-config
Displays a list of registered JSON Web Keys.
delete jwk-config myJwk
Deletes the JSON Web Key myJwk.
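Added example (not part of the F5 manual and not F5 code): a Python pre-flight check for the values in the first create example above. It decodes the base64url modulus and public-exponent to confirm the RSA key size and exponent, and checks that alg-type agrees with key-type. The function names, the RS/HS/ES to key-type mapping (JOSE convention) and the 2048-bit minimum are assumptions of this example, not documented BIG-IP behavior.

```python
import base64
import re

# Helper names and the 2048-bit floor are assumptions of this example; only
# the option names and the sample values come from the man page.
ALG_FAMILY = {"RS": "rsa", "HS": "octet", "ES": "elliptic-curve"}
B64URL = re.compile(r"[A-Za-z0-9_-]+")

def b64url_to_int(value):
    """Decode an unpadded base64url string to an unsigned big-endian integer."""
    if not B64URL.fullmatch(value) or len(value) % 4 == 1:
        raise ValueError("not unpadded base64url")
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def check_rsa_jwk(alg_type, key_type, modulus, public_exponent, min_bits=2048):
    """Return a list of problems found in the option values of an RSA key."""
    problems = []
    if alg_type == "none":
        problems.append("alg-type none: no signature algorithm selected")
    elif ALG_FAMILY.get(alg_type[:2]) != key_type:
        problems.append(f"alg-type {alg_type} does not match key-type {key_type}")
    try:
        n, e = b64url_to_int(modulus), b64url_to_int(public_exponent)
    except ValueError as exc:
        return problems + [f"modulus/public-exponent: {exc}"]
    if n.bit_length() < min_bits:
        problems.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if n % 2 == 0:
        problems.append("modulus is even, so it cannot be an RSA modulus")
    if e < 3 or e % 2 == 0:
        problems.append(f"public exponent {e} is not an odd integer >= 3")
    return problems

# Values copied from the first 'create jwk-config myJwk' example on this page.
PAGE_MODULUS = (
    "ovtSwEWv9Q97JbB5Knfq4iAn8gl-ONzsFoxEasbh9-l4CgeTImIXH31cOxu5"
    "tjVjAxeFifPW9w8EdEa-o8kUSJ40Fp2qMRN9wFAHmu5pmS70Vlm4brg4Rc2j"
    "k8XMahNKoZ6AY1sIs_6e_JsiLMvEP8btu1iOpZri5fS9MjbWC9IOW1Vpy9MB"
    "8hp7IUZ4nwWBcWmT4NIUmR1QF9-fDmWsF0JUXfjAm1__cAJN7K3EcMOhLwWk"
    "Vvrr1U0bpeRLprTUKpRNER-nq-pA0b2t5U56rFAAws-5ydNw4coa2dS3AJrm"
    "naCSS4BZubpRYGh8ScTBxQlZm74f1Sty8H7gUeysFw"
)

if __name__ == "__main__":
    n = b64url_to_int(PAGE_MODULUS)
    print("modulus bits:", n.bit_length(), "exponent:", b64url_to_int("AQAB"))
    print("problems:", check_rsa_jwk("RS256", "rsa", PAGE_MODULUS, "AQAB"))
```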
OPTIONS
alg-type
Specifies which cryptographic algorithm is used by this JSON Web
Key. The default value is none.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auto-generated
Specifies whether this key was created manually or generated
through OpenID Connect metadata discovery. The default value is
false.
cert
Specifies the certificate this JSON Web Key uses to verify the
JWT. Values derived from this field are a part of the JWKS
endpoint response.
cert-chain
Specifies the certificate chain this JSON Web Key uses to validate
the certificate in the cert field. Values derived from this field
are a part of the JWKS endpoint response.
cert-key
Specifies the certificate key this JSON Web Key uses to sign the
JWT.
cert-thumbprint-sha1
Specifies the base64url-encoded SHA-1 thumbprint of the DER
encoding of the X.509 certificate. If the 'cert' field is present,
this value is auto-generated.
cert-thumbprint-sha256
Specifies the base64url-encoded SHA-256 thumbprint of the DER
encoding of the X.509 certificate. If the 'cert' field is present,
this value is auto-generated.
curve
Specifies the curve used by the Elliptic Curve JSON Web Key. If
the 'cert' field is present, this value is auto-generated.
include-x5c
Specifies whether the JWKS endpoint response contains a chain
of one or more PKIX certificates. The default value is false.
key-id
Specifies the parameter to identify a specific JSON Web Key.
key-type
Specifies the cryptographic algorithm family used by the JSON Web
Key. This setting is required. The default value is rsa.
key-use
Specifies whether the JSON Web Key is used for signature
generation and verification. At this time, the only supported
value is signing.
modulus
Specifies the modulus value for the RSA public key in
base64url-encoded format. If the 'cert' field is present, this
value is auto-generated.
partition
Displays the partition within which the component resides.
passphrase
Specifies the passphrase used to encrypt the certificate key
provided in the 'cert-key' field.
public-exponent
Specifies the exponent value for the RSA public key in
base64url-encoded format. If the 'cert' field is present, this
value is auto-generated.
shared-secret
Specifies the shared secret for the symmetric JSON Web Key when
'key-type' is set to octet.
use-client-secret
Specifies that this JSON Web Key uses client-secret instead of
shared-secret. This field is relevant only when key-type is set to
octet. The default value is false.
x5c
Specifies a chain of one or more PKIX certificates represented as
a JSON array of certificate value strings. The JSON array is
generated using 'cert' and 'cert-chain' field values.
x-coordinate
Specifies the x coordinate for the Elliptic Curve point in
base64url-encoded format. If the 'cert' field is present, this
value is auto-generated.
y-coordinate
Specifies the y coordinate for the Elliptic Curve point in
base64url-encoded format. If the 'cert' field is present, this
value is auto-generated.
SEE ALSO
apm oauth jwt-config
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2016, 2017. All rights
reserved.
BIG-IP 2017-10-18 apm oauth jwk-config(1)