WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update IdentityProvider/engomo.md

Browse Source
This commit is contained in:
Manuel Gläser
2024-06-28 18:56:57 +00:00
parent 501896553c
commit 4837c7dc79
1 changed files with 0 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
IdentityProvider/engomo.md Normal file
View File

@@ -0,0 +1,67 @@
## Engomo
For this serviceprovider we use this URL `engomo.mydomain.com`
### FAC
**#1 Authentication > OAuth Service > Portals**
1) Create New
2) Name: `Engomo`
3) leave everything else default
4) Save
**#2 Authentication > OAuth Service > Policies**
1) Create New
2) Policy type: Name: `Engomo`
3) Identity sources: `Realm: select your realm and Groups in den Filter that should have access`
4) Authentication factors: Change settings to your needs, f.e. `Application name for FTM push notification: Engomo`
**#3 Authentication > OAuth Service > Scopes**
1) Create New
2) Name: `profile`
3) Name: `email`
**#4 Authentication > OAuth Service > Relying Party**
1) Name: `Engomo`
2) Client type: `Confidential`
3) Authorization grant types: `Authorization code`
4) Client ID: `note this ID`
5) Client secret: `note this secret`
6) Policy: `choose "Engomo" from Step 2`
7) Access token expiry: `change to your needs or leave default (36000 seconds)`
8) Refresh token expiry: `change to your needs or leave default (1 day)`
9) Redirect URIs: `https://engomo.mydomain.com/auth`
10) Add 3 Scopes with `+ Add Relying Party Scope`
11) Set the scopes to this:
| Scope | Default |
| :--- | :----: |
| openid | x |
| email | x |
| profile | x |
12) Save
13) Add 1 Claim with `+ Add Claim`
14) Set the Claims to this:
| Scope | Name | User Attribute |
| :--- | :----: | :----: |
| openid | preferred_username | Email |
15) Save
![IDP](screenshots/engomo01.png)
### Engomo
**#1 Server > Authentication**
1) Hit the `+` icon to add a new IDP
2) Name: `FortiAuthenticator` (choose name whatever you want)
![createSP](screenshots/engomo02.png)
3) Type: OpenID Connect
4) Issuer: https://fac.mydomain.com/api/vl/oauth
5) Client ID: `ID from FAC step #4-4`
6) Client secret: `secret from FAC step #4-5`
7) Config Mode: `Auto-Configuration`
8) Access token pass-through: `Prohibited`
9) Save
![SP](screenshots/engomo03.png)
**#2 Users & Devices > Users**
1) Create a new user (`+` icon) or use an existing one
2) Authenticator: Choose `FortiAuthenticator` from step #2
![User](screenshots/engomo04.png)