Pehea e hoʻonohonoho ai i ka Hailbytes VPN Authentication

Introduction

I kēia manawa ua hoʻonohonoho a hoʻonohonoho ʻia ʻo HailBytes VPN, hiki iā ʻoe ke hoʻomaka e ʻimi i kekahi o nā hiʻohiʻona palekana a HailBytes e hāʻawi. Hiki iā ʻoe ke nānā i kā mākou blog no nā ʻōkuhi hoʻonohonoho a me nā hiʻohiʻona no ka VPN. Ma kēia ʻatikala, e uhi mākou i nā ala hōʻoia i kākoʻo ʻia e HailBytes VPN a pehea e hoʻohui ai i kahi ala hōʻoia.

Overview

Hāʻawi ʻo HailBytes VPN i nā ʻano hana hōʻoia ma waho o ka hōʻoia kūloko kūloko. No ka hōʻemi ʻana i nā pilikia palekana, paipai mākou e hoʻopau i nā hōʻoia kūloko. Akā, paipai mākou i ka hōʻoia multi-factor authentication (MFA), OpenID Connect, a i ʻole SAML 2.0.

Hoʻohui ʻo MFA i kahi papa o ka palekana ma luna o ka hōʻoia kūloko. Loaʻa iā HailBytes VPN nā mana i kūkulu ʻia i loko a me ke kākoʻo no ka MFA waho no nā mea hoʻolako ʻike kaulana e like me Okta, Azure AD, a me Onelogin.

ʻO OpenID Connect kahi papa ʻike i kūkulu ʻia ma ka protocol OAuth 2.0. Hāʻawi ia i kahi ala palekana a maʻamau e hōʻoia a loaʻa i ka ʻike mea hoʻohana mai kahi mea hoʻolako ʻike me ka ʻole e komo i nā manawa he nui.

ʻO SAML 2.0 kahi maʻamau wehe XML no ka hoʻololi ʻana i ka ʻike hōʻoia a me ka ʻae ʻana ma waena o nā ʻaoʻao. Hāʻawi ia i nā mea hoʻohana e hōʻoia i hoʻokahi manawa me kahi mea hoʻolako ʻike me ka ʻole e hōʻoia hou i ke komo ʻana i nā noi like ʻole.

Hoʻohui OpenID me Azure Set up

Ma kēia ʻāpana, e hele pōkole mākou i ka hoʻohui ʻana i kāu mea hoʻolako ʻike me ka OIDC Multi-Factor Authentication. Kuhi ʻia kēia alakaʻi i ka hoʻohana ʻana iā Azure Active Directory. Loaʻa i nā mea hoʻolako ʻike like ʻole nā hoʻonohonoho maʻamau a me nā pilikia ʻē aʻe.

Paipai mākou iā ʻoe e hoʻohana i kekahi o nā mea hoʻolako i kākoʻo piha ʻia a hoʻāʻo ʻia: Azure Active Directory, Okta, Onelogin, Keycloak, Auth0, a me Google Workspace.

Inā ʻaʻole ʻoe e hoʻohana i kahi mea hāʻawi OIDC i manaʻo ʻia, pono nā hoʻonohonoho ma lalo nei.

a) discovery_document_uri: ʻO ka URI hoʻonohonoho hoʻonohonoho OpenID Connect nāna e hoʻihoʻi i kahi palapala JSON i hoʻohana ʻia no ke kūkulu ʻana i nā noi hope i kēia mea hāʻawi OIDC. Ke kuhikuhi nei kekahi mau mea hoʻolako i kēia ma ke ʻano he "URL kaulana".

b) client_id: ʻO ka ID mea kūʻai aku o ka palapala noi.

c) client_secret: ʻO ka mea huna o ka mea kūʻai aku o ka noi.

d) redirect_uri: Aʻo i ka mea hoʻolako OIDC i kahi e hoʻohuli hou ai ma hope o ka hōʻoia ʻana. ʻO kēia kāu Firezone EXTERNAL_URL + /auth/oidc/ /callback/, laʻa https://firezone.example.com/auth/oidc/google/callback/.

e) response_type: Hoʻonoho i ke code.

f) laulā: Nā ʻāpana OIDC e loaʻa mai kāu mea hāʻawi OIDC. Ma ka liʻiliʻi loa, pono ʻo Firezone i ka openid a me ka leka uila.

g) lepili: ʻO ka kikokikona lepili pihi i hōʻike ʻia ma ka ʻaoʻao komo komo puka Firezone.

E hoʻokele i ka ʻaoʻao Azure Active Directory ma ka Azure portal. E koho i ka loulou kau inoa App ma lalo o ka Manage menu, kaomi New Registration, a hoʻopaʻa inoa ma hope o ke komo ʻana i kēia:

a) Ka inoa: Firezone

b) Nā ʻano moʻokāki i kākoʻo ʻia: (Ka Papa kuhikuhi Paʻamau wale nō - ka mea hoʻolimalima hoʻokahi)

c) Hoʻohuli hou i ka URI: ʻO kēia kāu Firezone EXTERNAL_URL + /auth/oidc/ /callback/, laʻa https://firezone.example.com/auth/oidc/azure/callback/.

Ma hope o ke kau inoa ʻana, wehe i ka ʻike kikoʻī o ka noi a kope i ka ID Application (client). ʻO kēia ka waiwai client_id.
E wehe i ka papa kuhikuhi hope e kiʻi i ka palapala metadata OpenID Connect. ʻO kēia ka waiwai discovery_document_uri.

E koho i ka loulou palapala hōʻoia & mea huna ma lalo o ka Manage menu a hana i kahi huna mea kūʻai hou. E kope i ka mea huna o ka mea kūʻai aku. ʻO kēia ka waiwai client_secret.

E koho i ka loulou API ma lalo o ka Manage menu, kaomi Hoʻohui i ka ʻae, a koho iā Microsoft Graph. Hoʻohui i ka leka uila, openid, offline_access a me ka ʻaoʻao i nā ʻae i koi ʻia.

E hoʻokele i ka ʻaoʻao / hoʻonohonoho / palekana i ka portal admin, kaomi "Add OpenID Connect Provider" a hoʻokomo i nā kikoʻī i loaʻa iā ʻoe ma nā ʻanuʻu ma luna.

E ho'ā a ho'opau paha i ke koho 'Aunoa hana i nā mea ho'ohana no ka hana 'akomi i mea ho'ohana pono 'ole ke kau inoa ma o kēia hana hō'oia.

Hoʻomaikaʻi! Pono ʻoe e ʻike i kahi pihi Hoʻokomo me Azure ma kāu ʻaoʻao ʻaoʻao.

Panina

Hāʻawi ʻo HailBytes VPN i nā ʻano hana hōʻoia, me ka hōʻoia multi-factor, OpenID Connect, a me SAML 2.0. Ma ka hoʻohui ʻana iā OpenID Connect me Azure Active Directory e like me ka mea i hōʻike ʻia ma ka ʻatikala, hiki i kāu limahana ke komo maʻalahi a paʻa i kāu mau kumuwaiwai ma ka Cloud a i ʻole AWS.

Ua hōʻike ʻia ka ʻike alakaʻi LockBit - Pono a Troll paha?

Ua hōʻike ʻia ka ʻike alakaʻi LockBit - kūpono a i ʻole Troll?

E 9, 2024 No Comments

Ua hōʻike ʻia ka ʻike alakaʻi LockBit - kūpono a i ʻole Troll? Ua ʻike nui ʻia ʻo ia kekahi o nā pūʻulu ransomware nui loa ma ka honua, ua puka mua ʻo Lockbit ma

Heluhelu »

Pehea e wehe ai i ka metadata mai kahi faila

April 27, 2024 No Comments

Pehea e Wehe ai i ka Metadata mai kahi File Introduction Metadata, i wehewehe pinepine ʻia he "ʻikepili e pili ana i ka ʻikepili," ʻo ia ka ʻike e hāʻawi ana i nā kikoʻī e pili ana i kahi faila. ʻO ia

Heluhelu »

Ke kāʻalo ʻana i ka Pūnaewele Pūnaewele me TOR

April 27, 2024 No Comments

Kaʻalo ʻana i ka Internet Censorship me TOR Introduction Ma kahi honua kahi e hoʻoponopono nui ʻia ai ka ʻike, ua lilo nā mea hana e like me ka pūnaewele Tor i mea koʻikoʻi no

Heluhelu »

Pehea e hoʻonohonoho ai i ka Hailbytes VPN Authentication

Introduction

Overview

Hoʻohui OpenID me Azure Set up

Panina

Ua hōʻike ʻia ka ʻike alakaʻi LockBit - kūpono a i ʻole Troll?

Pehea e wehe ai i ka metadata mai kahi faila

Ke kāʻalo ʻana i ka Pūnaewele Pūnaewele me TOR

Services

ʻO kā mākou hui

ʻO kā mākou pane

pāʻoihana

FAQ palekana

Social Media