Cannot set up BrowZer

Hi again :) I set up BrowZer but it didn't work. This is the output of my last step.

echo " "
echo "now go to: https://${ZITI_BROWZER_VHOST}:${ZITI_BROWZER_BOOTSTRAPPER_LISTEN_PORT} and see your ${ZITI_BROWZER_SERVICE}!"
echo " "
 
now go to: https://brozac.browzerexample.demo.openziti.org:8446 and see your brozac!
 

I watched the video, and when I try to curl 127.0.0.1 the connection is refused.

Hi @oksanassss - if you see "https://brozac.browzerexample.demo.openziti.org:8446", you've definitely not set things up properly. Maybe you took this comment from the doc too literally,


you need to set that url to be YOUR url. For example, "my.browzer.install.company.com" or "browzer.netfoundry.io" or something, anything that you have a wildcard certificate for.

You'll also never be able to use curl with BrowZer. It's very much dependent on a web browser. curl won't work at all.

After this step, must I install an identity on my device?

No. BrowZer works exclusively with your web browser and is both "clientless" (you don't need to install an extension or software on the computer) and "identityless" (you do not need to enroll the device in the standard OpenZiti way).

BrowZer will use external JWT providers -- in this case some OAuth/OIDC IdP to verify your trust and allow your client to connect to the overlay network. This is why the "claim" specified in the ext-jwt-provider must map to the claim returned in the JWT from the authenticated IdP. That field is mapped to an identity which has a corresponding "external" id set.

For example, if I grep my browzer install for my identity:

ziti edge list identities 'name = "clint.dovholuk@company.name"'  -j | grep ext
            "externalId": "clint.dovholuk@company.name",

you'll see MY identity has an "externalId" set to my email address. When I log in to my IdP (in this case, I use Keycloak and I federate to GitHub and Google), if I successfully authenticate, BrowZer gets a JWT with a claim of 'clint.dovholuk@company.name', and that matches an identity, and thus I'm allowed to connect to the overlay network.
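A troubleshooting aid for the claim-to-externalId mapping described in the reply above, added here as an example and not part of the thread or of OpenZiti's own code: it decodes the claims of a token and reports whether the chosen claim equals some identity's "externalId". The token, the identity records, the claim name `email` and the exact-string comparison are assumptions made for illustration; the signature is not verified, so this is for inspecting claims only.

```python
import base64
import json

def decode_jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def match_identity(claims, claim_name, identities):
    """Compare one claim against each identity's externalId and explain the result."""
    if claim_name not in claims:
        return {"status": "claim-missing", "available": sorted(claims)}
    value = claims[claim_name]
    if not isinstance(value, str):
        return {"status": "claim-not-string", "claim_value": value}
    exact = [i["name"] for i in identities if i.get("externalId") == value]
    if exact:
        return {"status": "match", "identity": exact[0]}
    # Flag values that differ only by case or surrounding whitespace.
    near = [i["name"] for i in identities
            if (i.get("externalId") or "").strip().lower() == value.strip().lower()]
    return {"status": "near-miss" if near else "no-match",
            "claim_value": value, "candidates": near}

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample data; only the "externalId" field name comes from the thread.
SAMPLE_IDENTITIES = [
    {"name": "clint.dovholuk@company.name", "externalId": "clint.dovholuk@company.name"},
    {"name": "other.user", "externalId": "Other.User@company.name"},
]
SAMPLE_TOKEN = make_sample_token({"sub": "1234", "email": "clint.dovholuk@company.name"})

if __name__ == "__main__":
    claims = decode_jwt_claims(SAMPLE_TOKEN)
    for claim in ("email", "preferred_username"):
        print(claim, "->", match_identity(claims, claim, SAMPLE_IDENTITIES))
```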