1.0 Introduction
This article describes the steps to integrate Fortanix Data Security Manager (DSM) with ForgeRock OAuth 2.0 Provider Service using OAuth configuration.
2.0 Prerequisites
- Fortanix DSM
- Access to ForgeRock Access Management Console
3.0 Configuration on ForgeRock
- Log in to ForgeRock Access Management Console.
- Click the Services tab -> Add a Service -> OAuth2 Provider -> click Create.
- On the OAuth2 Provider page, select the Advanced tab and, in the field User Profile Attribute(s) the Resource Owner is Authenticated On, enter the attribute email. This is the attribute Fortanix DSM uses to match the authenticated ForgeRock user to a DSM user, so the ForgeRock user profiles must carry a populated email attribute.
- Click Save.
Figure 1: Add OAuth2 provider service
- Click the Applications tab -> OAuth 2.0 -> Clients -> click Add Client.
- On the OAuth 2.0 Client page, select the Core tab and enter the Client ID, Client Secret, Redirection URIs, and Scope(s):
  - Client ID: a unique identifier for this client; a descriptive name is fine.
  - Client Secret: the secret Fortanix DSM will present to ForgeRock. Treat it as a credential: generate a long random value and store it only in ForgeRock and in the DSM OAuth configuration.
  - Redirection URIs: https://<dsmurl>/oauth, where <dsmurl> is the hostname of your Fortanix DSM deployment (for example https://<fortanix_dsm_url>/oauth). ForgeRock compares this value exactly against the redirect_uri DSM sends, so the scheme, host, port and path must match; a trailing slash or http instead of https causes the login to be rejected.
  - Scope(s): enter the values openid, token, and email. The email scope is what allows the userinfo response to carry the email attribute selected in the provider settings above.
- Click Save Changes.
Figure 2: Configure OAuth 2.0 Client
4.0 ForgeRock OAuth Configuration in Fortanix DSM
- Next, in the Fortanix DSM UI, click the Settings tab in the left panel and click the AUTHENTICATION tab.
- Select SINGLE SIGN-ON and click ADD OAUTH INTEGRATION to configure ForgeRock OAuth 2.0 authentication.
Figure 3: Configure ForgeRock OAuth Integration
- Enter the following details for the OAuth provider:
  - Provider Name: any descriptive name, for example ForgeRock OAuth.
  - Authorization Endpoint: https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/authorize
  - Token Endpoint: https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/access_token
  - Authorization Method: select client_secret_basic. With this method DSM sends the client ID and secret to the token endpoint in an HTTP Basic Authorization header rather than in the form body, and ForgeRock must be configured to accept that.
  - User Info Endpoint: https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2/userinfo
  - TLS Certificate:
  - Client ID: the Client ID you entered on the OAuth 2.0 Client page in Section 3.0.
  - Client Secret: the Client Secret you entered on the OAuth 2.0 Client page in Section 3.0.
The three endpoint URLs above are from the example ForgeRock deployment; replace the host and port with those of your own ForgeRock Access Management server, keeping the /idp/oauth2/authorize, /idp/oauth2/access_token and /idp/oauth2/userinfo paths. All three must be reachable from Fortanix DSM over HTTPS.
Figure 4: OAuth configuration
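The following script is an added example, not Fortanix or ForgeRock code, that models the three requests Fortanix DSM makes against the ForgeRock endpoints configured above (authorization redirect, token exchange with client_secret_basic, and the email lookup on the userinfo response) so the field values in Sections 3.0 and 4.0 can be sanity-checked offline before saving. The client ID, client secret, DSM hostname and the userinfo response are assumed or constructed values; only the ForgeRock endpoint paths come from the article.

```python
# Added example; not Fortanix or ForgeRock code. Builds and checks the three
# requests behind the configuration above (authorize, token, userinfo) so the
# field values can be sanity-checked offline. Hostnames, client ID, secret and
# the sample userinfo response are assumed/constructed values.
import base64
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Endpoint base from Section 4.0; the client values below are placeholders.
FORGEROCK = "https://ec2-54-82-49-37.compute-1.amazonaws.com:8443/idp/oauth2"
CLIENT_ID = "fortanix-dsm"                        # assumed
CLIENT_SECRET = "change-me"                       # assumed; never hard-code for real
REDIRECT_URI = "https://dsm.example.com/oauth"    # https://<dsmurl>/oauth, assumed host
SCOPES = ["openid", "token", "email"]             # as registered in Section 3.0


def new_state() -> str:
    """Unguessable per-login value that ties the callback to this request."""
    return secrets.token_urlsafe(24)


def authorize_url(state: str) -> str:
    """Request 1: where DSM redirects the browser (Authorization Endpoint)."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return f"{FORGEROCK}/authorize?{urlencode(params)}"


def validate_callback(callback_url: str, expected_state: str):
    """Check the redirect back to DSM before trusting the code it carries.

    Returns (True, code) or (False, reason). The target must equal the
    registered Redirection URI exactly (scheme, host, port, path), and the
    state must match the one issued for this login.
    """
    p = urlparse(callback_url)
    target = f"{p.scheme}://{p.netloc}{p.path}"
    if target != REDIRECT_URI:
        return False, f"redirect target {target} is not the registered URI"
    qs = parse_qs(p.query)
    if qs.get("state", [""])[0] != expected_state:
        return False, "state mismatch (stale login or CSRF)"
    if not qs.get("code"):
        return False, "no authorization code in callback"
    return True, qs["code"][0]


def token_request(code: str):
    """Request 2: POST to the Token Endpoint using client_secret_basic.

    client_secret_basic puts the credentials in an HTTP Basic header
    (RFC 6749 section 2.3.1: form-urlencode each part, then base64 'id:secret'),
    not in client_id/client_secret form fields. Returns (url, headers, body).
    """
    creds = f"{quote(CLIENT_ID, safe='')}:{quote(CLIENT_SECRET, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,   # must repeat the URI sent in request 1
    }
    return f"{FORGEROCK}/access_token", headers, urlencode(body)


def email_from_userinfo(userinfo: dict) -> str:
    """Request 3 result: the claim DSM matches the user on (the email attribute)."""
    email = userinfo.get("email")
    if not email:
        raise ValueError("no 'email' claim: check the provider attribute "
                         "and the 'email' scope in Section 3.0")
    return email.strip().lower()


# Constructed sample of what /userinfo might return for a test user.
SAMPLE_USERINFO = {"sub": "u-1001", "email": "Alice@Example.com"}

if __name__ == "__main__":
    st = new_state()
    print("1. browser ->", authorize_url(st))
    ok, code = validate_callback(f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={st}", st)
    assert ok, code
    url, hdrs, body = token_request(code)
    print("2. POST", url, "\n   Authorization:", hdrs["Authorization"][:12] + "...", "\n   body:", body)
    print("3. GET", f"{FORGEROCK}/userinfo", "-> email =", email_from_userinfo(SAMPLE_USERINFO))
```

If the Basic header value does not decode to the exact client ID and secret entered in ForgeRock, or the redirect_uri in the token request differs from the registered Redirection URI, ForgeRock rejects the token exchange and DSM reports the login as failed; those two values are the first things to compare when the integration does not work.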