Lab 1.1 - Create a JWT Provider

The cornerstone of the API protection profile is the ability to authorize users using JWT. Unlike Guided Configuration that creates the JWT Provider for you based on a few defined parameters, you must create the provider manually.

Task 1 - Create a key configuration

Note

Ensure you are logged into BIGIP1

  1. From the web browser, click on the Access tab located on the left side.

image0

  1. Navigate to Federation >> JSON Web Token >> Key Configuration. Click the + (Plus Symbol)

image1

  1. Configure the following parameters:
  • Name: api-jwt-key
  • ID: lab
  • Octet: Octet
  • Signing Algorithm: HS256
  • Shared Secret: secret
  1. Click Save

image2

Task 2 - Create an Authorization Provider

  1. Navigate to Federation >> OAuth Client/Resource Server >> Provider. Click the + (Plus Symbol)

image3

  1. Configure the following parameters:
  • Name: api-as-provider
  • Trusted Certificate Authorities: ca.acme.com.crt
  • OpenID URL: replace f5-oauth.local with prebuilt-as.acme.com
  1. Click Discover

image4

  1. The Authentication URI, Token URI, Token Validation Scope URI, and UserInfo URI should be updated

image5

  1. Click Save

Task 3 - Customize the Token Configuration

  1. Navigate to Federation >> JSON Web Token >> Token Configuration. Click Token Configuration, not the + (Plus Symbol)

image6

  1. Click on auto_jwt_api-as-provider

image7

  1. Move api-jwk-key from Available to Allowed
  2. Click Save

image8

Task 4 - Create a JWT Provider

  1. Navigate to Federation >> JSON Web Token >> Provider List. Click the + (Plus Symbol)

image9

  1. Enter the name: as-jwt-provider
  2. Click Add so api-as-provider is added to list of providers
  3. Click Save

image10