Lab 1.2 - Create an API Protection Profile

The API Protection profile is a combination of APM and AWAF features to protect any API.

Task 1 - Create an API Protection Profile

  1. Navigate to API Protection >> Profile. Click the + (plus symbol)

    image11

Note

json file is located on the jumpbox in c:\labs\class1\student_files

  1. Enter the following parameters:

    • Name: api-protection
    • OpenAPI File: Active Directory OpenAPI.json
    • DNS Resolver: internal-dns-resolver
    • Authorization: OAuth 2.0

  2. Click Add

  3. Click Save

    image12

Task 2 - Explore the Path Configuration

  1. Note the Spec file contained four paths to various URIs

  2. Each URI only supports the Method GET

  3. The APIs server URL is http://adapi.f5lab.local:81

    image13

Task 3 - Associate a JWT Provider

  1. Click Access Control from the top ribbon

  2. Click Edit (Per Request Policy)

    image14

  3. Notice the same paths displayed in the API Protection profile appear here. Currently there is no fine-grained access control. We will implement it later in the lab

  4. Click the + (plus symbol) next the Subroutine OAuth Scope Check AuthZ to expand its properties:

    image15

    Note

    The OAuth scope agent currently has a red asterisk since no provider is associated with it.

  5. Click OAuth Scope

    image16

  6. Enter the following parameters:

    • Token Validation Mode: Internal
    • JWT Provider List: as-jwt-provider
    • Response: api-protection_auto_response1

  7. Click Save

    image17