
CLI Reference

user oauth-user server


FortiWeb supports front-end authentication with third-party authentication servers such as Google and Facebook.

Use this command to add the information for a third-party authentication server.

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.

Syntax

    config user oauth-user server
      edit <server_name>
        set mode {client | resource-server | both}
        set scope <string>
        set oidc {enable | disable}
        set client-id <string>
        set client-secret <passwd>
        set redirect-endpoint <string>
        set authz-req <datasource>
        set token-req <datasource>
        set validate-req <datasource>
        set validate-frequency {session | transaction | interval}
        set validate-interval <integer>
        set userinfo-req <datasource>
        set jwks-req <datasource>
      next
    end

Variable / Description / Default

mode {client | resource-server | both}
  Description: Select whether FortiWeb works as an authorization client, a resource server, or both.
  Default: No default

scope <string>
  Description: Enter the scope field for OAuth.
  Default: No default

oidc {enable | disable}
  Description: Enable to use OIDC authentication.
  Default: disable

client-id <string>
  Description: A client credential, assigned by the authorization server.
  Default: urlencoded

client-secret <passwd>
  Description: A client credential, assigned by the authorization server.
  Default: No default

redirect-endpoint <string>
  Description: Redirection URL back to FortiWeb.
  Default: disable

authz-req <datasource>
  Description: The authorization request created in config user oauth-user request.
  Default: No default

token-req <datasource>
  Description: The token request created in config user oauth-user request.
  Default: No default

refresh-req <datasource>
  Description: The refresh request created in config user oauth-user request.
  Default: No default

validate-req <datasource>
  Description: The validation request created in config user oauth-user request.
  Default: No default

validate-frequency {session | transaction | interval}
  Description: Whether to validate the request per session, per transaction, or at an interval of several seconds.
  Default: No default

validate-interval <integer>
  Description: If validate-frequency is interval, enter the interval time.
  Default: No default

userinfo-req <datasource>
  Description: The user info request created in config user oauth-user request.
  Default: No default

jwks-req <datasource>
  Description: The JWKS request created in config user oauth-user request. Available only if oidc is enabled.
  Default: No default
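An offline consistency check for the options above, as an added example (not Fortinet code): it parses a saved `config user oauth-user server` block and flags values outside the documented enumerations, a missing `validate-interval` when `validate-frequency` is `interval`, and `jwks-req` set while `oidc` is not enabled. The sample configuration is constructed; the server names, the request name and the `proxy` value are hypothetical.

```python
import shlex
# Enumerated values exactly as listed in the syntax on this page.
ENUMS = {"mode": {"client", "resource-server", "both"},
         "oidc": {"enable", "disable"},
         "validate-frequency": {"session", "transaction", "interval"}}
# Constructed sample; server and request names are hypothetical.
SAMPLE = """\
config user oauth-user server
  edit "idp-a"
    set oidc enable
    set validate-frequency interval
    set validate-interval 300
    set jwks-req "jwks1"
  next
  edit "idp-b"
    set mode proxy
    set validate-frequency interval
    set jwks-req "jwks1"
  next
end
"""

def parse_servers(text):
    """Return {server_name: {option: value}} for each 'edit' entry."""
    servers, current, inside = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if tok[:1] == ["config"]:  # only entries under this command are collected
            inside, current = tok[1:] == ["user", "oauth-user", "server"], None
        elif inside and len(tok) == 2 and tok[0] == "edit":
            current = servers.setdefault(tok[1], {})
        elif current is not None and len(tok) >= 3 and tok[0] == "set":
            current[tok[1]] = " ".join(tok[2:])
        elif tok[:1] in (["next"], ["end"]):
            current = None
    return servers

def lint(text):
    """Return (server, message) findings for the constraints in the table."""
    findings = []
    for name, opts in parse_servers(text).items():
        for key, val in opts.items():
            if key in ENUMS and val not in ENUMS[key]:
                findings.append((name, f"{key}: invalid value {val!r}"))
        iv = opts.get("validate-interval", "")
        if opts.get("validate-frequency") == "interval" and not iv.isdigit():
            findings.append((name, "validate-frequency interval needs an integer validate-interval"))
        if "jwks-req" in opts and opts.get("oidc", "disable") != "enable":  # oidc defaults to disable
            findings.append((name, "jwks-req is set but oidc is not enabled"))
    return findings
```

Calling `lint(SAMPLE)` returns three findings, all for `idp-b`; `idp-a` passes.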
