Dear devcentral,
Has anyone successfully integrated keycloak as an OIDC backend for APM on F5?
We are running v13.1 so this version should be able to use this feature, right?
So far I have ...
But when I try to create a custom F5 Keycloak scope request, I always have the same issue: error: HTTP error 401, Error: invalid_request: Authentication failed.
So I don't understand why. I tried to make a tcpdump to see what exactly F5 sends to Keycloak, but it has not helped for the moment.
I see a client credentials error in the Keycloak logs:
But I double-checked the parameters > same as used in curl ...
@sebastien doucet your setup is indeed a bit different than mine, but the error seems related.
We are using our F5 APM as a full OIDC client, redirecting the user to the IdP logon page, requesting the token, etc.
Regarding the custom scope validation request, mine is more or less the same. Not so many params though, bare minimum only:
What really helped me is to place an iRule between the F5 and Keycloak to capture the SSL keys so you can decode the HTTPS traffic in the TCP dump. From there you can decode the tokens etc. using jwt.io and validate what is in there.
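
The token inspection mentioned in the last reply can also be done offline, so tokens pulled from a capture never have to be pasted into a website. This is an added example, not code from the thread. The issuer URL, the client ID `f5-apm`, the scope names and the sample token are constructed for illustration, and the signature is not verified here.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt(token):
    """Return (header, claims) of a compact JWS. Inspection only, no signature check."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def check_claims(claims, issuer, client_id, scope, now=None):
    """List mismatches between the token and what the OIDC client expects."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    # Keycloak access tokens often carry the client in azp rather than aud.
    if client_id not in aud and claims.get("azp") != client_id:
        problems.append(f"{client_id!r} not in aud {aud} or azp")
    if scope not in claims.get("scope", "").split():
        problems.append(f"scope {scope!r} not granted")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (hypothetical realm and client, placeholder signature).
SAMPLE_ISSUER = "https://keycloak.example.test/realms/demo"
SAMPLE_CLAIMS = {"iss": SAMPLE_ISSUER, "aud": "account", "azp": "f5-apm",
                 "scope": "openid profile", "exp": 2000000000}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url(SAMPLE_CLAIMS), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    header, claims = decode_jwt(SAMPLE_TOKEN)
    print(json.dumps(header), json.dumps(claims, indent=2))
    for problem in check_claims(claims, SAMPLE_ISSUER, "f5-apm", "f5-custom"):
        print("MISMATCH:", problem)
```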