Bug ID 756019: OAuth JWT Issuer claim requires URI format

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.0.0, 14.0.1, 14.1.0, 14.1.2

Fixed In:

Opened: Jan 18, 2019
Severity: 4-Minor


APM currently expects the OAuth JSON web tokens (JWT) Issuer claim to be in the URI format:
-- JWT-Config does not allow Issuer setting unless it is in the URI format.
-- The issuer value in the incoming token is expected to be in the URI format and should match with the Issuer setting in the JWT-Config.


As per RFC 7519, the 'iss' claim value is a case-sensitive string containing a StringOrURI value. To comply with RFC 7519, which allows essentially any string value in the Issuer claim, APM should relax this validation.
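
The difference between the URI-only expectation and the RFC 7519 StringOrURI rule, as an added Python example (not F5 code; function names and sample issuers are constructed, and the URI test is a simplified scheme check assumed for illustration):

```python
import re

# Assumption: a value counts as a URI if it starts with an RFC 3986 scheme
# ("scheme:") and contains no whitespace. This is a simplified test.
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def is_uri(value: str) -> bool:
    return bool(_SCHEME.match(value)) and not any(c.isspace() for c in value)


def is_string_or_uri(value) -> bool:
    """RFC 7519 section 2: any string may be used, but a value that
    contains ':' must be a URI. Rejecting "" is this example's own policy."""
    if not isinstance(value, str) or value == "":
        return False
    return is_uri(value) if ":" in value else True


def issuer_accepted(claims: dict, configured_iss: str, uri_only: bool = False) -> bool:
    """Check 'iss' in claims whose signature was already verified elsewhere.
    uri_only=True models the URI-only expectation described in this bug."""
    iss = claims.get("iss")
    valid = is_string_or_uri(iss)
    if uri_only:
        valid = valid and is_uri(iss)
    # StringOrURI values are compared as case-sensitive strings with no
    # normalization, so "Corp-IdP" does not match "corp-idp".
    return valid and iss == configured_iss


# Constructed sample data: (token iss, configured issuer)
SAMPLES = [
    ("https://idp.example.com", "https://idp.example.com"),
    ("corp-idp", "corp-idp"),          # plain string, valid per RFC 7519
    ("Corp-IdP", "corp-idp"),          # case mismatch
    ("bad value: x", "bad value: x"),  # contains ':' but is not a URI
]

if __name__ == "__main__":
    for token_iss, configured in SAMPLES:
        strict = issuer_accepted({"iss": token_iss}, configured, uri_only=True)
        rfc = issuer_accepted({"iss": token_iss}, configured)
        print(f"{token_iss!r:28} uri_only={strict!s:5} string_or_uri={rfc}")
```

Relaxing the format check does not relax the match itself: the token's issuer must still equal the configured issuer exactly.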


OAuth JWT Issuer claim in the URI format for JWT access token and ID token.



Fix Information

JWT-Config issuer validation is removed to allow a string or URI value for the JWT issuer.

Behavior Change