Forum Discussion

tub91's avatar
tub91
Icon for Cirrus rankCirrus
Dec 09, 2022

Monitoring Failure OAuth request

Hi,

Unfortunately, we occasionally have problems with oAuth authentications. Through the graph positioned in the path "Access ›› Overview : OAuth Reports : Client / Resource Server" we can see from the GUI the validation errors per second.

Is it possible to create alerts when there are validation errors? Or is it possible to query this information via SNMP?

Thanks

6 Replies

  • HI tub91 , I'm asking around about this one. I couldn't find a clear solution myself but perhaps there is something out there I've missed

  • Hello tub91 

    If APM fails to the token validation, you can find the error log in the access policy logging. 

     

    Dec 12 09:59:14 bigip.test.oauth err apmd[1443]: 01490290:3: /Common/OAuth-Profile::ba1ff486./Common/OAuth_PRP-crud_control_1/YXhzMnN1YnNpZA==:/Common/OAuth_PRP-crud_control_act_oauth_scope_subsession_ag_1: OAuth Scope: failed for jwt-provider-list '/Common/JWT_AzureAD_Provider' , error: Audience not found : Claim audience= api://aaaaaaaaaa/f5demo JWT_Config Audience=

    Since the token validation is performed on the 'OAuth Scope' agent in the access policy, it generates the log message whenever it fails to validate the token. You also can monitor any access policy done with the ending type of the 'Reject'. With this log message, you can monitor not only the token validation fail cases but also all other access failure reasons. You can export these access logs to the external Syslog server and create a predefined action in the logging server.

    • tub91's avatar
      tub91
      Icon for Cirrus rankCirrus

      Hi James_Jinwon_Lee 

      Thank you for your answer. In the past we configured the sending of APM logs to a syslog but due to some of our internal problems at the moment we can no longer send these logs to a syslog. We are therefore looking for a different way to alert us when there are these errors. Do you have any other ideas?

      Thanks