WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
Boilerplates/IdentityProvider/engomo.md

73 lines
2.2 KiB
Markdown
Raw Permalink Blame History

# Engomo
## Base URLs:
IDP: `fac.mydomain.com`
SP: `engomo.mydomain.com`
## FAC
**#1 Authentication > OAuth Service > Portals**
1) Create New
2) Name: `Engomo`
3) leave everything else default
4) Save
![IDP](images/engomo_idp_01.png)
**#2 Authentication > OAuth Service > Policies**
1) Create New
2) Policy type: Name: `Engomo`
3) Identity sources: `Realm: select your realm and Groups in den Filter that should have access`
4) Authentication factors: Change settings to your needs, f.e. `Application name for FTM push notification: Engomo`
![IDP](images/engomo_idp_02.png)
**#3 Authentication > OAuth Service > Scopes**
1) Create New
2) Name: `profile`
3) Name: `email`
![IDP](images/extra_scopes_01.png)
**#4 Authentication > OAuth Service > Relying Party**
1) Name: `Engomo`
2) Client type: `Confidential`
3) Authorization grant types: `Authorization code`
4) Client ID: `note this ID`
5) Client secret: `note this secret`
6) Policy: `choose Engomo from Step 2`
7) Access token expiry: `change to your needs or leave default (36000 seconds)`
8) Refresh token expiry: `change to your needs or leave default (1 day)`
9) Redirect URIs: `https://engomo.mydomain.com/auth`
10) Add 3 Scopes with `+ Add Relying Party Scope`
11) Set the scopes to this:
| Scope | Default |
| :--- | :----: |
| openid | x |
| email | x |
| profile | x |
12) Save
13) Add 1 Claim with `+ Add Claim`
14) Set the Claims to this:
| Scope | Name | User Attribute |
| :--- | :----: | :----: |
| openid | preferred_username | Email |
15) Save
![IDP](images/engomo_idp_03.png)
## Engomo
**#1 Server > Authentication**
1) Hit the `+` icon to add a new IDP
2) Name: `FortiAuthenticator` (choose name whatever you want)
![createSP](images/engomo_sp_01.png)
3) Type: OpenID Connect
4) Issuer: https://fac.mydomain.com/api/vl/oauth
5) Client ID: `ID from FAC step #4-4`
6) Client secret: `secret from FAC step #4-5`
7) Config Mode: `Auto-Configuration`
8) Access token pass-through: `Prohibited`
9) Save
![SP](images/engomo_sp_02.png)
**#2 Users & Devices > Users**
1) Create a new user (`+` icon) or use an existing one
2) Authenticator: Choose `FortiAuthenticator` from step #2
![User](images/engomo_sp_03.png)
Reference in New Issue View Git Blame Copy Permalink