Barracuda Web Application Firewall

Configuring Keycloak Server for Open ID Connect on Barracuda Web Application Firewall

  • Last updated on

The Barracuda Web Application Firewall can authenticate users configured on Keycloak Server using OpenID Connect.

Perform the following steps to configure Keycloak Server on the Barracuda Web Application Firewall:

Step 1 - Create an HTTPS Service on the Barracuda Web Application Firewall. 

For more information on how to create an HTTPS service, refer to Creating an HTTPS Service.

Step 2 - Generating Keycloak Server's Client ID and Client Secret
  1. Log into the Keycloak Server Administrator Console with the administrator username and password.
  2. In the left pane, select Add Realm and specify the name of the realm. For example, Test.
  3. Select the realm that you added (for example, Test).
  4. Click Clients > Create to create a client. For example, adc-user. The client is displayed in the Client ID column.
  5. Select the client that you created and configure Redirect URI for the client in the Valid Redirect URI box.
  6. Save the configuration.

     

Step 3 - Configuring Keycloak OpenID Connect provider on Barracuda Web Application Firewall
  1. In the Realm Name box, specify a name to identify the OpenID Connect provider on the Barracuda Web Application Firewall. Example: Keycloak
  2. Choose Discovery URL as the mode to identify the provider's endpoint configuration.
  3. Specify the metadata URL of the Keycloak Server OpenID Connect. Example: https://<KeyCloak OpenID server IP>/.well-known/openid-configuration

  4. Click Retrieve to populate all other details automatically.
  5. Configure the client ID and client secret that you obtained when registering the application with the Keycloak OpenID Connect provider, and then click Add. The Keycloak OpenID Connect authentication service is displayed in the Existing Authentication Service section.
Step 4 - Configure the Authentication Policy for the service
  1. Go to the ACCESS CONTROL > Authentication Policies page.
  2. In the Authentication Policies section, click Edit Authentication next to the service for which you want to enable authentication.
  3. In the Edit Authentication Policies window, configure the following:
    1. Set Status to On.

    2. Select the Keycloak authentication service that you created from the Authentication Service drop-down list.

    3. Verify that the Redirect URL matches the redirect URL configured on the Keycloak server.
  4. The login page is selected by default in the Access Control Pages section.

  5. Click Save.

Step 5 - Configure the Authorization policy for the service
  1. Go to the ACCESS CONTROL > Authentication Policies page.
  2. In the Authentication Policies section, click Add Authorization next to the service for which you want to enable authorization.
  3. In the Add Authorization Policy section, configure the following:
    1. Policy Name – Enter a name for the policy.
    2. Set Status to On.
    3. URL Match – Enter the URL that needs to be matched in the request. For example, "/*".
    4. Host Match – Enter the host name to be matched against the host in the request.
  4. Click Save.
Step 6 - Verify by logging in to the application using your Keycloak credentials
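
The two values this procedure depends on, the discovery document retrieved in Step 3 and the Redirect URL compared in Step 4, can be checked before they are entered. The following Python is an added example, not Barracuda or Keycloak code; the function names are hypothetical, and the host names, the /realms/Test path and the callback path are constructed placeholders.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 requires for a code-flow provider.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, metadata):
    """Return problems in the metadata document served at discovery_url."""
    if not discovery_url.endswith(WELL_KNOWN):
        return [f"discovery URL does not end with {WELL_KNOWN}"]
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in metadata]
    # The issuer must equal the discovery URL minus the well-known suffix.
    expected = discovery_url[:-len(WELL_KNOWN)]
    if metadata.get("issuer") != expected:
        problems.append(f"issuer {metadata.get('issuer')!r} != {expected!r}")
    for key in ENDPOINTS:
        if key in metadata and urlsplit(metadata[key]).scheme != "https":
            problems.append(f"{key} is not HTTPS")
    return problems

def check_redirect(waf_redirect_url, valid_redirect_uris):
    """Compare the WAF's Redirect URL with Keycloak's Valid Redirect URI list."""
    if waf_redirect_url in valid_redirect_uris:
        return []
    # Keycloak accepts a trailing '*' wildcard, which admits more than one URL.
    for uri in valid_redirect_uris:
        if uri.endswith("*") and waf_redirect_url.startswith(uri[:-1]):
            return [f"matched only by wildcard entry {uri}"]
    return ["redirect URL is not registered on the Keycloak client"]

# Constructed sample values; hosts, realm path and callback path are placeholders.
BASE = "https://sso.example.test/realms/Test"
DISCOVERY_URL = BASE + WELL_KNOWN
METADATA = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/protocol/openid-connect/auth",
    "token_endpoint": BASE + "/protocol/openid-connect/token",
    "jwks_uri": BASE + "/protocol/openid-connect/certs",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
WAF_REDIRECT = "https://app.example.test/oidc/callback"

if __name__ == "__main__":
    print(check_discovery(DISCOVERY_URL, METADATA))
    print(check_redirect(WAF_REDIRECT, ["https://app.example.test/*"]))
```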