We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Configuring OKTA for Open ID Connect on Barracuda Web Application Firewall

  • Last updated on

This section walks you through the steps on how to integrate the Barracuda WAF Access Control module with OpenID Connect-based authentication. The Barracuda Web Application Firewall allows customers to authenticate users in a simplified way using OpenID Connect. The URLs are personalized and can be referred here.

After installing OKTA, users will authenticate with OKTA through OpenID Connect for accessing the service hosted on the Barracuda Web Application Firewall. The authentication is done before allowing access to the application protected by the service on the WAF.

Step 1 : Configuring OKTA

Note: Before starting the configuration, ensure that you have an active account created on OKTA.

  1. Log into the Okta Developer Dashboard and click ApplicationsCreate New App.
  2. In the Create a New Application Integration dialog box, select OpenID Connect and then click Create.

    OKTA1.png
  3. Enter the following details:
    1. Add the domain name of the application that you want to provide authentication.
    2. Configure the Login Redirect URI as https://domain/openid-connect/redirect
      okta3.png
    3.  Click Save to save the configuration. Also, make a note of the client ID and Client Secret strings.
  4. Bind users to the application in OKTA. You can follow the instructions of the OKTA screens to assign users.
    okta4.png

    okta5.png
    okta6.png
  5. OKTA OpenID Connect Discovery URL.
    The discovery URL is of the format: https://<oktadomain>/.well-known/openid-configuration
    Example https://selahcloudoauth.okta.com/.well-known/openid-configuration
    The domain name can be retrieved from the Single Sign On tab as shown below:

    okta7.png
Step 2 : Configuring OKTA for OpenID Connect on the Barracuda Web Application Firewall 
  1. Log into the Barracuda Web Application Firewall and navigate to ACCESS CONTROL > Authentication Services > Open ID Connect.
  2. In the  Real Name  box, specify a name to identify the authentication service on the Barracuda Web Application Firewall. The OpenID Connect Alias name for the identity provider displays the application login page. 
  3. Enter the discovery URL and click Retrieve to display the end point URLs in the fields by default (except for client/clientsec). 
  4. Configure the client ID and client secret that you noted in the OKTA configuration. Also, ensure that the Scope field has the OpenID displayed.
  5. Click Add. The OKTA OpenID Connect authentication service is displayed in the Existing Authentication Service section.
  6. Configure the authentication policy and authorization rule for the service.

    okta8.png

    okta9.png
    image2020-5-26 13:43:35.png

 

Step 3 : Validating the Integration
  1. Go to the URL for which the authorization rule exists. In this example the URL is https://oauth.selahcloud.in/index.html.
  2. Select the OpenID Connect Realm and then click Submit.
  3. Enter the credentials to log in.
    image2020-5-26 13:45:30.png
Last updated on