Using Fortanix Data Security Manager with ForgeRock OAuth 2.0

  • Updated on Sep 17, 2024
  • Published on Jun 10, 2024
  • 2 minute(s) read
Prev Next

1.0 Introduction

This article describes the steps to integrate Fortanix-Data-Security-Manager (DSM) with ForgeRock OAuth 2.0 Provider Service using OAuth configuration.

2.0 Prerequisites

  • Fortanix DSM

  • Access to ForgeRock Access Management Console

3.0 Configuration on ForgeRock

  1. Log in to ForgeRock Access Management Console.

  2. Click the Services tab -> Add a Service -> OAuth2 Provider -> click Create.

  3. On the OAuth2 Provider page, select the Advanced tab and in the field User Profile Attribute(s) the Resource Owner is Authenticated On, enter the attribute email.

  4. Click Save.  

    ForgeRock1.png

    Figure 1: Add OAuth2 provider service

  5. Click the Applications tab -> Oauth 2.0 -> Clients -> Click Add client.

  6. On the OAuth 2.0 Client page, select the Core tab and enter the Client ID, Client secret, Redirection URIs, and Scope(s).

    1. Client ID: Enter a unique ID, or it can just be a name.

    2. Client secret: Enter the secret.

    3. Redirection URIs: https://<dsmurl>/oauth

      For example: https://<fortanix_dsm_url>/oauth

    4. Scope(s): Enter the values openid, token, and email.

  7. Click Save Changes.  

    ForgeRock2.png

    Figure 2: Configure OAuth 2.0 Client

4.0 ForgeRock OAuth Configuration in Fortanix DSM

  1. Next, in the Fortanix DSM UI, click the Settings tab in the left panel and click the AUTHENTICATION tab.

  2. Select SINGLE SIGN-ON and click ADD OAUTH INTEGRATION to configure ForgeRock OAuth 2.0 authentication.  

    ForgeRockAddOAuthIntegration.png

    Figure 3: Configure ForgeRock OAuth Integration

  3. Enter the following details for the OAuth provider.

    1. Provider Name : enter any name, for example: ForgeRock Oauth

    2. Authorization Endpoint:
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/authorize

      Token Endpoint: :
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/access_token

      Authorization Method: select client_secret_basic

      User Info Endpoint: :
      https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/userinfo

      TLS Certificate:

      1. Client ID: enter the client ID that was created in Step 6 in Section 3.0.

      2. Client Secret: enter the client secret that was created in Step 6 in Section 3.0.

        NOTE

        • Select Global Root CAs if you have signed the ForgeRock SSL certificate with a CA and provide the certificate, otherwise select Custom CA Certificate, if you have self-signed the certificate for ForgeRock URL and provide the certificate.

        • User info Endpoint is mandatory while using ForgeRock OAuth, otherwise it will throw a 401 unauthorized access error.

        ForgeRockOAuthConfig.png

        Figure 4: OAuth configuration

Related articles