In Avi Load Balancer, OAuth can be configured through the UI as well as the CLI. This section provides step-by-step instructions to implement OAuth in Avi Load Balancer.
The unique hosts associated with the endpoints used in the Auth Profile are listed below, using Okta as the example authorization server:

| Type of Endpoint | Endpoint |
|---|---|
| Authorization Endpoint | https://example.idp.com/oauth2/v1/authorize |
| Token Endpoint | https://example.idp.com.com/oauth2/v1/token |
| Introspection Endpoint | https://example.idp.com/oauth2/v1/introspect |
| jwks_uri | https://example.idp.com.com/oauth2/v1/keys |
| Issuer | https://example.idp.com.com |
| Userinfo Endpoint | https://example.idp.com/oauth2/v1/userinfo |

Here, `unique_fqdn = example.idp.com.com`. This is a sample URL used for illustration purposes only.
2. Create a pool whose servers are the unique hosts (FQDN or IP address) together with their ports.
It is recommended to use OAuth over HTTPS, so the pool must have SSL enabled and use port 443.
Some authorization servers use different FQDNs/hosts for different endpoints. In that case, every one of those hosts must be added as a server in the pool configuration.
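The following Python script is an added example, not code from the Avi Load Balancer documentation or product. It takes the Auth Profile endpoint URLs from the table above (re-entered here as constructed sample data), derives the set of unique host/port pairs that must become pool servers, flags any endpoint that is not served over HTTPS, and assembles a pool definition. The `build_pool` JSON shape (`servers[].ip.type = "DNS"`, `default_server_port`, `ssl_profile_ref`) and the `System-Standard` SSL profile reference are assumptions that approximate the Avi pool object; confirm the exact fields against your controller's API before posting it.

```python
from urllib.parse import urlsplit

# Constructed sample endpoints mirroring the table above (illustrative hosts only).
AUTH_PROFILE_ENDPOINTS = {
    "authorization_endpoint": "https://example.idp.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.idp.com.com/oauth2/v1/token",
    "introspection_endpoint": "https://example.idp.com/oauth2/v1/introspect",
    "jwks_uri": "https://example.idp.com.com/oauth2/v1/keys",
    "issuer": "https://example.idp.com.com",
    "userinfo_endpoint": "https://example.idp.com/oauth2/v1/userinfo",
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def endpoint_hosts(endpoints):
    """Return (sorted unique (host, port) pairs, names of endpoints that are not HTTPS).

    Every distinct host/port pair is a server the pool must contain; an endpoint
    that is not HTTPS is reported so it can be fixed before the pool is created.
    """
    hosts = set()
    insecure = []
    for name, url in endpoints.items():
        parts = urlsplit(url)
        if not parts.hostname:
            raise ValueError(f"{name}: no host in {url!r}")
        # Explicit port wins; otherwise fall back to the scheme's default port.
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
        if port is None:
            raise ValueError(f"{name}: cannot determine port for {url!r}")
        if parts.scheme != "https":
            insecure.append(name)
        hosts.add((parts.hostname, port))
    return sorted(hosts), insecure


def build_pool(name, hosts, ssl_profile_ref):
    """Assemble a pool object with one DNS-resolved server per unique host/port.

    The field layout is an assumption approximating the Avi pool schema.
    """
    return {
        "name": name,
        "default_server_port": 443,
        "ssl_profile_ref": ssl_profile_ref,  # SSL enabled towards the IdP
        "servers": [
            {"ip": {"type": "DNS", "addr": host}, "port": port}
            for host, port in hosts
        ],
    }


if __name__ == "__main__":
    hosts, insecure = endpoint_hosts(AUTH_PROFILE_ENDPOINTS)
    if insecure:
        raise SystemExit(f"non-HTTPS endpoints must be fixed first: {insecure}")
    # Assumed placeholder reference to a default SSL profile.
    pool = build_pool("oauth-idp-pool", hosts, "/api/sslprofile?name=System-Standard")
    for server in pool["servers"]:
        print(server["ip"]["addr"], server["port"])
```

Run against the sample table, the script yields two servers (`example.idp.com:443` and `example.idp.com.com:443`), which is exactly the case the text describes where different endpoints live on different hosts and all of them must be added to the pool.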