The Barracuda Web Application Firewall supports OpenID Connect for authenticating and authorizing its users to applications that use Google, MS Azure AD, and other identity providers for user logins.
The steps by which user information is obtained for the client are explained in detail below.
- First, when the client requests access to a web page hosted on the Barracuda Web Application Firewall, it is redirected to the authorization server to start the login procedure.
- The client then calls the authorization endpoint it was redirected to by the WAF and authenticates with the credentials provided.
- After successful authorization, the client is redirected to the redirect URI configured on the WAF, with the authorization code passed as a query parameter.
- The Barracuda WAF then requests an access token from the authorization server using the Client ID, Client Secret, and authorization code.
- Once the authorization server answers with an access token and, optionally, an ID token, the WAF calls the “userinfo” endpoint to retrieve the user information, which the authorization server returns.
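The five steps above, played out end to end as an added example that is not Barracuda's code: a constructed in-memory identity provider stands in for Google or Azure AD, and a `RelyingParty` class plays the WAF's role, including the `state` check that ties the callback to the session that started the login, single-use codes, and the client-secret check on the token exchange. The endpoint URL, client identifiers and user records are all made up.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Added example: constructed in-memory identity provider standing in for Google/Azure AD.
class FakeAuthServer:
    def __init__(self, client_id, client_secret):
        self.client_id, self.client_secret = client_id, client_secret
        self.codes, self.tokens = {}, {}  # code -> (redirect_uri, sub); access token -> sub
    def authorize(self, auth_url, sub):
        # Steps 2-3: user logs in; a code bound to redirect_uri goes back with the RP's state echoed.
        q = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
        if q.get("client_id") != self.client_id:
            raise PermissionError("unauthorized_client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["redirect_uri"], sub)
        return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q["state"]})
    def token(self, client_id, client_secret, code, redirect_uri):
        # Step 4: the code is single-use and must be redeemed by the same client and redirect_uri.
        entry = self.codes.pop(code, None)
        if (entry is None or entry[0] != redirect_uri or client_id != self.client_id
                or not secrets.compare_digest(client_secret, self.client_secret)):
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = entry[1]
        return {"access_token": token, "token_type": "Bearer"}
    def userinfo(self, access_token):  # Step 5: userinfo endpoint guarded by the bearer token
        sub = self.tokens.get(access_token)
        if sub is None:
            raise PermissionError("invalid_token")
        return {"sub": sub, "email": f"{sub}@example.test"}

# The WAF's relying-party role: starts the login and consumes the callback.
class RelyingParty:
    def __init__(self, server, client_id, client_secret, redirect_uri):
        self.s, self.cid, self.sec, self.ruri = server, client_id, client_secret, redirect_uri
        self.pending = {}  # state -> browser session awaiting login
    def start_login(self, session_id):
        # Step 1: build the authorization request; state ties the callback to this session.
        state = secrets.token_urlsafe(16)
        self.pending[state] = session_id
        return "https://idp.example/authorize?" + urlencode({
            "response_type": "code", "client_id": self.cid, "redirect_uri": self.ruri,
            "scope": "openid profile email", "state": state})
    def handle_callback(self, callback_url):
        q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
        session_id = self.pending.pop(q.get("state", ""), None)
        if session_id is None:  # unknown or replayed state: reject before redeeming the code
            raise PermissionError("state mismatch")
        tok = self.s.token(self.cid, self.sec, q["code"], self.ruri)
        return session_id, self.s.userinfo(tok["access_token"])
```

A replayed callback fails at the `state` check before any code is redeemed, and a wrong client secret fails the token exchange even with a valid code.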