Using Fortanix Data Security Manager with ForgeRock OAuth 2.0

1.0 Introduction

This article describes the steps to integrate Fortanix Data Security Manager (DSM) with ForgeRock OAuth 2.0 Provider Service using OAuth configuration.

2.0 Prerequisites

  • Fortanix DSM
  • Access to ForgeRock Access Management Console

3.0 Configuration on ForgeRock

  1. Log in to ForgeRock Access Management Console.
  2. Click the Services tab -> Add a Service -> OAuth2 Provider -> click Create.
  3. On the OAuth2 Provider page, select the Advanced tab and, in the field User Profile Attribute(s) the Resource Owner is Authenticated On, enter the attribute email.
  4. Click Save.
    Figure 1: Add OAuth2 provider service
  5. Click the Applications tab -> OAuth 2.0 -> Clients -> click Add client.
  6. On the OAuth 2.0 Client page, select the Core tab and enter the Client ID, Client secret, Redirection URIs, and Scope(s).
    1. Client ID: Enter a unique ID, or it can just be a name.
    2. Client secret: Enter the secret.
    3. Redirection URIs: https://<fortanix_dsm_url>/oauth, where <fortanix_dsm_url> is the URL of your Fortanix DSM deployment.
    4. Scope(s): Enter the values openid, token, and email.
  7. Click Save Changes.
    Figure 2: Configure OAuth 2.0 Client

4.0 ForgeRock OAuth Configuration in Fortanix DSM

  1. Next, in the Fortanix DSM UI, click the Settings tab in the left panel and click the AUTHENTICATION tab.
  2. Select SINGLE SIGN-ON and click ADD OAUTH INTEGRATION to configure ForgeRock OAuth 2.0 authentication.
    Figure 3: Configure ForgeRock OAuth Integration
  3. Enter the following details for the OAuth provider.
    1. Provider Name: enter any name, for example: ForgeRock OAuth
    2. Authorization Endpoint:
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/authorize
    3. Token Endpoint:
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/access_token
    4. Authorization Method: select client_secret_basic
    5. User Info Endpoint:
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/userinfo
    6. TLS Certificate: select Global Root CAs or Custom CA Certificate, as described in the note below.
    7. Client ID: enter the client ID that was created in Step 6 in Section 3.0.
    8. Client Secret: enter the client secret that was created in Step 6 in Section 3.0.
      NOTE
      • Select Global Root CAs if the ForgeRock TLS certificate is signed by a CA, and provide the certificate; otherwise, if the certificate for the ForgeRock URL is self-signed, select Custom CA Certificate and provide that certificate.
      • The User Info Endpoint is mandatory when using ForgeRock OAuth; without it, login fails with a 401 Unauthorized error.
      Figure 4: OAuth configuration
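The settings in Sections 3.0 and 4.0 together describe a standard OAuth 2.0 authorization-code exchange: DSM sends the browser to the ForgeRock authorization endpoint, receives the code at https://<fortanix_dsm_url>/oauth, exchanges it at the token endpoint using client_secret_basic, and reads the user's email from the User Info endpoint. The Python script below is an added illustration of that exchange and is not Fortanix or ForgeRock code; it uses the endpoint URLs from the article, assumes a placeholder DSM hostname, client ID and secret, and replaces all network traffic with constructed sample messages so it runs offline. The checks it performs on the callback (exact redirect URI match, state comparison) and on the userinfo response (presence of the email attribute) are the ones a relying party such as DSM needs before trusting the login.

```python
"""Offline walk-through of the OAuth 2.0 authorization-code flow that the
ForgeRock / Fortanix DSM configuration above sets up. Added example; it is
not Fortanix or ForgeRock code. All HTTP messages are constructed inline."""
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs, quote

# Endpoint URLs as shown in the article; hostname, client ID, secret and
# DSM URL below are placeholders / assumptions for this example only.
FORGEROCK = "https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2"
AUTHORIZE_ENDPOINT = f"{FORGEROCK}/authorize"
TOKEN_ENDPOINT = f"{FORGEROCK}/access_token"
USERINFO_ENDPOINT = f"{FORGEROCK}/userinfo"
REDIRECT_URI = "https://dsm.example.com/oauth"   # stands in for https://<fortanix_dsm_url>/oauth
SCOPES = ["openid", "token", "email"]            # scopes entered in Step 6, Section 3.0
CLIENT_ID = "fortanix-dsm"                       # hypothetical client ID from Step 6
CLIENT_SECRET = "example-client-secret"          # hypothetical; real secrets live in a vault


def build_authorization_url(state: str) -> str:
    """Authorization request DSM redirects the browser to (RFC 6749 section 4.1.1)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,          # per-login random value, checked on return
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back to the registered redirect URI and return the code.
    Rejects a mismatched redirect URI, a provider error, and a state that
    does not equal the one issued for this login."""
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if base != REDIRECT_URI:
        raise ValueError(f"redirect URI mismatch: {base}")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch (possible CSRF or stale login)")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def build_token_request(code: str) -> dict:
    """Token request for the client_secret_basic method selected in DSM:
    the client ID and secret travel in an HTTP Basic Authorization header
    (RFC 6749 section 2.3.1), never in the form body."""
    credentials = f"{quote(CLIENT_ID, safe='')}:{quote(CLIENT_SECRET, safe='')}"
    auth_header = "Basic " + base64.b64encode(credentials.encode()).decode()
    body = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    return {
        "url": TOKEN_ENDPOINT,
        "headers": {"Authorization": auth_header,
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(body),
    }


def build_userinfo_request(access_token: str) -> dict:
    """User Info request: bearer token in the Authorization header (RFC 6750)."""
    return {"url": USERINFO_ENDPOINT,
            "headers": {"Authorization": f"Bearer {access_token}"}}


def resolve_user(userinfo: dict) -> str:
    """DSM identifies the user by the email attribute configured in Section 3.0
    step 3; a response without a usable email must not log anyone in."""
    email = userinfo.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise ValueError("userinfo has no usable email claim; check the email scope "
                         "and the provider's profile-attribute setting")
    return email.strip().lower()


def demo() -> str:
    """Run the whole exchange against constructed sample messages."""
    state = secrets.token_urlsafe(16)
    build_authorization_url(state)
    # Constructed callback, as ForgeRock would redirect the browser to DSM.
    callback = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    code = parse_callback(callback, state)
    token_req = build_token_request(code)
    assert token_req["headers"]["Authorization"].startswith("Basic ")
    # Constructed token and userinfo responses standing in for ForgeRock's replies.
    token_response = {"access_token": "constructed-access-token", "token_type": "Bearer"}
    build_userinfo_request(token_response["access_token"])
    userinfo = {"sub": "alice", "email": "Alice@Example.com"}
    return resolve_user(userinfo)


if __name__ == "__main__":
    print(demo())
```

The script only builds and validates messages; wiring it to a real ForgeRock instance would mean sending the dictionaries returned by build_token_request and build_userinfo_request with an HTTP client over TLS and validating the server certificate against the CA chosen in the TLS Certificate setting.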
