OAuth in Avi Load Balancer is configured through several steps including setting up the pool, authentication profile, SSO policy, and OAuth settings for the virtual service.

To configure OAuth using the UI,

  1. Configuring the Pool.

  2. Configuring Authentication Profile.

  3. Configuring the SSO Policy.

  4. Configuring the OAuth Settings in the Virtual Services.

Configuring the Pool

Create a Pool with Type as OAuth and configure backend servers as shown below:

  1. Navigate to Applications > Pools.

  2. Click CREATE POOL or edit the existing pools.

  3. Enter the Name of the pool.

  4. Select the Type as Oauth.

  5. Configure the pool as required. For more information, see Create Pool.

  6. Under the Servers tab, enter the details in the Select Servers By field and click ADD.



  7. Click Save.

Configuring Authentication Profile

In the Authentication profile, configure the endpoints for OAuth authentication, including authorization and token endpoints. You can either import the endpoints or enter the details manually.

To configure the Authentication Profile,

  1. Navigate to Templates > Security > Auth Profile.

  2. Click CREATE.

  3. Enter the Name and select the Type as OAuth/OIDC.

  4. Perform one of the following steps to configure the endpoints:

    • To configure and retrieve the endpoints automatically, enter the URL in the Import Endpoints and click IMPORT.

    • To configure the endpoints manually, enter the required details.

  5. Click Save.

Configuring SSO Policy

Create an SSO Policy of type OAuth/OIDC as shown below,

  1. Navigate to Templates > SSO Policy.

  2. Click CREATE.

  3. Enter the Name of the SSO Policy.

  4. Select OAuth/OIDC as the SSO Policy Type.

  5. Under Authentication Rules, click Add and configure the Authentication Rules as required.

  6. Under Authorization Rules, click Add and configure the Authorization Rules as required.

  7. Click Save.

Configuring the Virtual Service for OAuth

Create a new virtual service or edit an existing one where you want to enable OAuth authentication,

  1. Navigate to Applications > Virtual Services.

  2. Click Create or edit the existing virtual service.

  3. Under Settings, select the Pool created for OAuth.

  4. Under Policies, click the Access tab and select OAuth

  5. Select the SSO Policy created for OAuth.

  6. Select the Authentication Profile created for OAuth.

  7. To limit access to the app, click Add Scopes and enter the Scope Name.

  8. Configure the other options as shown below:

  9. Click Save.

Note:

When configuring OAuth virtual services using the UI, at least one scope needs to be configured. If no scopes are required for the deployment, then configure a placeholder scope in the UI and remove it later using the CLI.