OAuth SSO

Question

Hi All,we'd like to secure the access to a backend portal with OAuth (F5 Authorization Server and F5 Client/Ressource Server).We aleady configured 2 Virtual Servers and 2 Access Profilesaccess profile 1 for the backend application (OAuth Client and Scope Agents)access profile 2 for the OAuth AS (Logon Page, LDAP Auth and OAuth AS Agent)The login and the OAuth (OIDC) works with the backend via id_token.&nbsp;Idea was to ask the user ONCE for his LDAP Credentials and then authorize the user in subsequent authorization requests from client applications WITHOUT asking for entering his credentials again. What we see in the session logs is, that the authorization server session always ends with "session deleted (oauth_finished)" once the authorization request has successfully ended, hence the users LDAP information is destroyed together with the "session deleted"Is it possible to get some kind of SSO so that the users credentials is stored in the client for subsequent authorization requests and that the logon page can make use those credentials without prompting the user to login manually again?&nbsp;ThanksSteffen

steffen_h · Answer

Information from Support:[..] I fully agree that you are facing with the mentioned limitation rfe753518. From the limitation description itself:&nbsp;"Currently BIG-IP OpenID Connect AS does not persist user sessions, so users must log in each time they visit the AS. This is undesirable for some deployments, especially if they have multiple OIDC Client/RS federating to a single AS. The user would have to log in to each RS+AS separately rather than being SSO'd to all RSs."&nbsp;[...] What I'm going to do is to escalate your case in order to attach to the mentioned id. This way our product developers will understand that more and more Customers demand this functionality. [...]

sigbjorn · Answer

Have there been any updates on this?&nbsp;We're doing a project with many applications and are facing these issues with v16.1 atm

nandhi · Answer

Any solution identified for this issue? we are running 16.4.1 and facing similar issue.

The users prompted to login sso again if traffic over F5 VS, direct server access can work without providing additional login. Thanks.

Forum Discussion

OAuth SSO

3 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

Basic OAuth concept and OAuth with F5 solutions

Implementing basic OAuth with F5 BIG-IP APM

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Monitoring Failure OAuth request