APM/OAuth2 : auto apply changes made by discovery
Hi, I've set up OAuth2 to Azure EntraID following this documentation. It works well but I'm only facing a serious issue. In the OAuth provider configuration, I've enabled the discovery job to run once per day. This allows the BigIP to fetch any new certificate and/or JWT as provided by the app on EntraID. The problem is that when the certificate or the JWT change, you have to re-apply the per-session policy in order for the change to take effect. And on multiple occasions, the access to our critical applications failed because the changes weren't applied in a timely manner. Is there a way to automatically apply the changes made by the OAuth discovery job?
Running version : BigIP 17.1.1.155Views0likes7Comments
SSL-VPN external DHCP
Hello, I am wondering if it's possible to configure a DHCP-relay to an external DHCP-server for the SSL-VPN from the APM module. I haven't been able to find any relevant information when searching on the web. Thank you in advance for your help.
Best regards
Philip
48 Views, 0 likes, 1 Comment
Is it possible to apply SSO when login page and app run on different devices?
I was wondering whether it is possible to apply SSO when we are using webtop login on BIGIP01 and the application is on BIGIP02. I just tried to understand that the APM profile on webtop login is to collect and cache user identity (when using SSO Mapping) and the APM profile on the application virtual server is to post the cache that has been stored before. Is it possible to pass this session on BIGIP01 to BIGIP02 to make sure the SSO is working properly?
18 Views, 0 likes, 0 Comments
APM Session timeout splash
Hi All, We are using APM as an OAuth client to provide SSO for applications hosted behind LTM. The problem we are facing now is that F5 is not automatically providing any sign about session timeout; the user has to refresh the screen to get the authentication page again. Is there any way to implement the timeout splash same as above for max session timeout? Any hint will be appreciated.
44 Views, 0 likes, 4 Comments
How to Disable fields after AD Password expired
Hi everyone. We have an F5 v17.1.0.3 with an APM Profile configured in standard mode customization configuration. We would like to disable the fields "New Password" and "Verify Password" after the AD responds with the message "Password Expired". We modified the AAA error message without problems, editing the AAA error message custom. Is it possible to disable these fields "New Password" and "Verify Password"?
Regards.
46 Views, 0 likes, 1 Comment
CLI Command for specific machine "Session Deleted due to user inactivity"
Hello, I have this command that I use to search for a specific machine in the apm logs:
zgrep -i "Username 'MACHINE_NAME_GOES_HERE'" /var/log/apm* | wc -l
Then I have this one to search for the line “Session deleted due to user inactivity”. It produces a number from ALL machines that encountered this message:
zgrep -i "Session deleted due to user inactivity." /var/log/apm* | wc -l
I'm wondering if there is a command or another method to look up how many times a specific machine encountered a session deletion due to user inactivity?
53 Views, 0 likes, 1 Comment
Not active oauth tokens after reboot
Hi, I have an oauth profile that generates opaque oauth tokens with long lifetimes. I originally thought the tokens were invalidated after an upgrade or even a failover. Now after testing they are identified as "Not active" in the APM log. The tokens work just right after generating them. Also, despite the long lifetime setup in the oauth profile, the tmsh commands list the tokens with the same dates on issue and expiry, for both access and refresh tokens. So the tokens seem to be generated with wrong expiry dates. I've noticed this in the production cluster, and am able to test in a standalone non-production device. I have several cases escalated with F5 support but I have had no real significant replies and tests to do for weeks. So I am unfortunately asking here to see if anybody has ideas to test or troubleshoot. Thanks.
Lloyd
37 Views, 0 likes, 1 Comment
APM| inactivity timeout redirection
We are using F5 APM V17. In APM we have session inactivity timeout - 15 mins. After reaching 15 mins, if we enter the browser, it displays the default F5 page - vdesk/hangup.php3.
Expectation: upon reaching 15 mins, it should automatically redirect to the landing page. How to do this? Can someone give me some idea?
32 Views, 0 likes, 1 Comment
Replace URL branching against Datagroup
Hello, is there any possibility to use a datagroup instead of the URL branching object in an APM per-request policy? I want to find an easy way to maintain a URL filter list for MFA on specific paths. Could it be possible via iRule Event -> ACCESS_POLICY_AGENT_EVENT? If yes, does someone have a code snippet for this job?
Thanks & BR
René
38 Views, 0 likes, 2 Comments
[APM] URL stops working, location: /my.policy?ORG_URI=1f931c35
Hello Team, We have a strange issue. The user is able to access the URL, but sometimes the URL doesn't work, and when he checks in the developer tool it has a status code of: 302 Found. After 10-15 min it starts to work without any intervention.
Response Headers:
Connection: close
Content-Length: 0
Location: /my.policy?ORIG_URI=1f931c35
We are using APM for ACL and URL filtering, so where can I find my.policy? I did not find any logs with this id 1f931c35 in cat apm or cat ltm logs, cat pktfilter logs, cat urlfilter logs. Kindly please advise.
41 Views, 0 likes, 1 Comment