Last Modified: Oct 07, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
16.1.5.1, 16.1.5.2, 16.1.6, 17.1.2, 17.1.2.1, 17.1.2.2, 17.5.0, 17.5.1, 17.5.1.2
Opened: Jul 08, 2025 Severity: 3-Major
When "audience" for apm oauth jwt-config misconfigured, oauth scope fails with error log : OAuth Scope: failed for jwt-provider-list '/Common/JWTProvider' , error: None of the configured JWK keys match the received JWT token, JWT Header: This log does not provide the correct reason for failure.
Logging clarity
OAuth with JWT keys configured. 1)configure wrong audience in apm oauth jwt-config apm oauth jwt-config /Common/auto_jwt_Provider { allowed-keys { /Common/auto_jwk_Provider1 { } /Common/auto_jwk_Provider2 { } /Common/auto_jwk_Provider3 { } } allowed-signing-algorithms { RS256 } audience { da21849e-b50c-4673-917f-cb11ef9a0891 } <------------wrong------------ auto-generated true issuer <issuer_uri> jwks-uri <jwks_uri> }
None
None