apm aaa oauth-server

apm aaa oauth-server(1) 			  BIG-IP TMSH Manual			      apm aaa oauth-server(1)

NAME
       oauth-server - Manages an OAuth Server.

MODULE
       apm aaa

SYNTAX
       Configure the oauth-server component within the aaa module using the syntax shown in the following sections.

   CREATE/MODIFY
	create oauth-server [name]
	modify oauth-server [name]
	  options:
	   app-service [[string] | none]
	   client-id [string]
	   client-secret [[string] | none]
	   client-serverssl-profile-name [name]
	   dns-resolver-name [name]
	   mode [client | rs | client-rs]
	   provider-name [name]
	   resource-server-id [string]
	   resource-server-secret [[string] | none]
	   resource-serverssl-profile-name [name]
	   rules [[string] | none]
	   token-validation-interval [[integer] | none]

	edit oauth-server [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list oauth-server
	list oauth-server [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    app-service
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete oauth-server [name]

DESCRIPTION
       You can use the oauth-server component to manage an OAuth Server.  The OAuth Server specifies the
       configuration of an OAuth Authorization server for use by the OAuth Client or OAuth Scope agents.

EXAMPLES
       create oauth-server f5Server { provider-name Google mode client client-id myClientApplicationId client-secret
       e939e21ead60c0406341c9be587a005056890213d480f456 client-serverssl-profile-name serverssl dns-resolver-name
       myResolver }
	    Creates the OAuth Server named f5Server and defines all required options. In this example, the BIG-IP
	    system only acquires an access_token from Google, so the server mode is set to client and resource
	    server credentials are not needed.

       delete oauth-server f5Server
	    Deletes the OAuth Server named f5Server from the system.

OPTIONS
       app-service
	    Specifies the name of the application service to which the object belongs. The default value is none.
	    Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
	    modify or delete the object. Only the application service can modify or delete the object.

       client-id
	    Specifies the client application ID. The client application must be configured before configuring the
	    OAuth Server on the BIG-IP system.

       client-secret
	    Specifies the client application secret. The client application must be configured at the authorization
	    server before configuring the OAuth Server on the BIG-IP system.

       client-serverssl-profile-name
	    SSL profile to be used by the BIG-IP system when connecting to the authorization server.

       dns-resolver-name
	    DNS resolver object to be used by the OAuth Server to resolve DNS names for endpoint URIs.

       mode The mode of operation for the OAuth Server.  The options for the mode of operation are:

	    client The OAuth Server can be used by OAuth Client agent only. In this mode, you do not need to specify
	    Resource Server credentials.
	    rs The OAuth Server can be used by OAuth Scope agent only. In this mode, you do not need to specify
	    Client Application credentials.
	    client-rs The OAuth Server can be used by either OAuth Client or OAuth Scope agent. Client Application
	    credentials and Resource Server credentials are required.
       partition
	    Displays the partition within which the component resides. The default is Common.

       resource-server-id
	    Specifies the Resource Server ID. The Resource Server must be configured before configuring the OAuth
	    Server on the BIG-IP system.

       resource-server-secret
	    Specifies the Resource Server Secret. The Resource Server must be configured before configuring the
	    OAuth Server on the BIG-IP system.

       resource-serverssl-profile-name
	    SSL profile to be used by the BIG-IP system when connecting to the resource server.

       rules
	    The list of iRule events. You can apply an iRule event to modify a request or a response (except an
	    authorization code request from the BIG-IP OAuth client to the OAuth authentication server).

       token-validation-interval
	    Specifies the number of minutes that the token can remain valid. The token becomes invalid when this
	    interval elapses or at the token expiry that the authentication server specifies, whichever is shorter.
	    When the token expires, the subsession times out. (This setting applies only to a per-request policy.)
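
       The following is an added example, not part of the F5 manual: a small pre-deployment check that reads a
       one-line create/modify oauth-server command and compares the credentials it sets with what the mode
       option says each mode needs. It assumes simple "option value" pairs inside the braces; the function
       names, sample object names and placeholder secrets are constructed for illustration.

```python
import re
import shlex

# Credential options each mode needs, per the mode descriptions above.
REQUIRED = {
    "client": {"client-id", "client-secret"},
    "rs": {"resource-server-id", "resource-server-secret"},
}
REQUIRED["client-rs"] = REQUIRED["client"] | REQUIRED["rs"]
STANZA = re.compile(r"\s*(?:create|modify)\s+oauth-server\s+(\S+)\s*\{(.*)\}\s*$", re.S)


def parse_stanza(command):
    """Split 'create|modify oauth-server NAME { opt value ... }' into (NAME, dict)."""
    m = STANZA.match(command)
    if not m:
        raise ValueError("not a create/modify oauth-server command")
    tokens = shlex.split(m.group(2))
    if len(tokens) % 2:
        raise ValueError("option without a value")
    return m.group(1), dict(zip(tokens[0::2], tokens[1::2]))


def check(command):
    """Return findings for one stanza; an empty list means mode and credentials agree."""
    name, opts = parse_stanza(command)
    mode = opts.get("mode")
    if mode not in REQUIRED:
        return [f"{name}: mode must be client, rs or client-rs (got {mode!r})"]
    # A value of "none" means the option is unset.
    present = {k for k in REQUIRED["client-rs"] if opts.get(k, "none") != "none"}
    missing = [f"{name}: mode {mode} requires {k}" for k in sorted(REQUIRED[mode] - present)]
    unused = [f"{name}: {k} is set but not needed in mode {mode}"
              for k in sorted(present - REQUIRED[mode])]
    return missing + unused


# Constructed sample commands; object names and secrets are placeholders.
SAMPLES = [
    "create oauth-server okClient { provider-name Google mode client "
    "client-id myApp client-secret PLACEHOLDER }",
    "create oauth-server badBoth { provider-name Google mode client-rs "
    "client-id myApp client-secret PLACEHOLDER resource-server-id myRs }",
    "modify oauth-server extraRs { mode rs resource-server-id myRs "
    "resource-server-secret PLACEHOLDER client-id myApp client-secret none }",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(check(cmd) or "consistent")
```

       The "set but not needed" finding is this check's own least-privilege hint, not a tmsh error: it points
       out credentials stored on the object that the chosen mode does not use.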

SEE ALSO
COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2013, 2015-2016. All rights reserved.

BIG-IP						      2017-01-20			      apm aaa oauth-server(1)