Bug ID 629411: OAuth Client/RS and Authorization Server don't work together on the same BIG-IP

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3

Fixed In:
13.1.0, 13.0.1

Opened: Nov 18, 2016
Severity: 3-Major

Symptoms

OAuth Client/RS and Authorization Server don't work together on the same BIG-IP system. These two features cannot be configured on the same BIG-IP system, and have to be configured on separate BIG-IP systems. Beginning with version 13.0.0, APM supports OAuth Client and RS functionality as one feature. APM also supports AS (an F5-specific implementation) as another feature. These two features are dependent on each other in that OAuth Client/RS communicate with AS for authorization decisions.

Impact

APM OAuth Client/RS and AS cannot communicate each other when configured on the same BIG-IP system.

Conditions

When APM OAuth client/RS and AS are configured on the same BIG-IP system.

Workaround

Configure OAuth ClientRS on one BIG-IP system and AS on another BIG-IP system.

Fix Information

Now OAuth Resource Server (RS), Authorization Server (AS), and Client role can be used simultaneously in the same BIG-IP.

Behavior Change