
FireZone

Using the OIDC protocol with Hanzo IAM as the IdP to connect various applications, such as FireZone

This guide configures FireZone to use Hanzo IAM as the OIDC IdP.

Step 1: Deploy Hanzo IAM and FireZone

Deploy Hanzo IAM and FireZone.

After a successful deployment, ensure the following:

  1. Set the FireZone URL (Sign in -> Security -> Add OpenID Connect Provider) to FIREZONE_HOSTNAME.
  2. Hanzo IAM can be logged in to and used normally.
  3. IAM_HOSTNAME is http://localhost:8000 if you deploy Hanzo IAM using the default app.conf.

Step 2: Configure Hanzo IAM application

  1. Create a new Hanzo IAM application or use an existing one.
  2. Add a redirect URL. For example, if the Config ID in the FireZone provider is TEST, the redirect URL should be http://[FIREZONE_HOST]/auth/oidc/[PROVIDER_CONFIG_ID]/callback/. The OIDC discovery document is served at http://<IAM_HOSTNAME>/.well-known/openid-configuration.
  3. Configure FireZone: Security -> Add OpenID Connect Provider
    • Discovery Document URI: The FireZone provider Discovery Document URI should be https://[IAM_HOST]/.well-known/openid-configuration.
    • Scopes: openid email profile
    • ConfigID: Must match the provider config ID used in the redirect URL (e.g. if the redirect URL is .../auth/oidc/TEST/callback/, use ConfigID TEST).
    • Auto-create users: A successful login automatically creates a FireZone user.
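Before testing SSO, the three values above must agree with each other: the ConfigID must appear in a redirect URL that the Hanzo IAM application has registered, the discovery URI must point at the issuer it describes, and every requested scope must be one the IdP advertises. The following preflight check is an added example, not code from Hanzo IAM or FireZone; the discovery document, hostnames, endpoint paths and registered redirect URLs are constructed sample values.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a discovery document (not a real capture); the endpoint
# paths are placeholders, only the issuer and scopes_supported matter here.
DISCOVERY_DOC = json.dumps({
    "issuer": "http://localhost:8000",
    "authorization_endpoint": "http://localhost:8000/authorize",
    "token_endpoint": "http://localhost:8000/token",
    "scopes_supported": ["openid", "email", "profile", "address", "phone"],
})

# FireZone provider settings as entered in Security -> Add OpenID Connect Provider (hypothetical host).
FIREZONE_HOST = "firezone.example.com"
PROVIDER_CONFIG_ID = "TEST"
FIREZONE_SCOPES = "openid email profile"
DISCOVERY_URI = "http://localhost:8000/.well-known/openid-configuration"

# Redirect URLs registered on the Hanzo IAM application (hypothetical).
IAM_REGISTERED_REDIRECTS = ["https://firezone.example.com/auth/oidc/TEST/callback/"]


def expected_redirect_url(firezone_host, config_id, scheme="https"):
    """Build the callback URL FireZone will send, following the guide's pattern."""
    return f"{scheme}://{firezone_host}/auth/oidc/{config_id}/callback/"


def check_oidc_config(discovery_json, discovery_uri, firezone_host, config_id, scopes, registered_redirects):
    """Return a list of problems found; an empty list means the settings are consistent."""
    problems = []
    doc = json.loads(discovery_json)
    disc = urlparse(discovery_uri)
    iss = urlparse(doc.get("issuer", ""))
    # The discovery document must be fetched from the issuer it claims to describe.
    if (iss.scheme, iss.netloc) != (disc.scheme, disc.netloc):
        problems.append(f"issuer {doc.get('issuer')} does not match discovery host {disc.scheme}://{disc.netloc}")
    if not disc.path.endswith("/.well-known/openid-configuration"):
        problems.append("discovery URI is not the .well-known/openid-configuration path")
    # The ConfigID is part of the callback path, so the exact URL must already be trusted by IAM.
    redirect = expected_redirect_url(firezone_host, config_id)
    if redirect not in registered_redirects:
        problems.append(f"redirect URL {redirect} is not registered on the IAM application")
    # 'openid' is mandatory for OIDC, and every requested scope must be advertised by the IdP.
    requested = scopes.split()
    if "openid" not in requested:
        problems.append("scope list lacks 'openid'")
    for s in requested:
        if s not in doc.get("scopes_supported", []):
            problems.append(f"scope '{s}' not in scopes_supported")
    return problems
```

Run the check with the values from your own deployment; a non-empty result pinpoints which of the three settings to correct before attempting the login.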

Log out of FireZone and test SSO

