Hey All,
Wondering if I could get some architectural advice on whether it's possible to keep my IDP provider dark while using BrowZer?
Currently, for SSO onto the Ziti network, I've got a tunnel on the controller which is tunneling the redirects for my IDP into the LAN where the IDP is hosted.
Now this works fine for users connecting to the Ziti network and signing up, and for admins accessing ZAC. However, due to the way that BrowZer works, from my understanding it doesn't touch the Ziti network until it's authenticated with an IDP; then it passes information on via Ziti. When the issuer address is dark and not publicly accessible, this breaks that chain.
I have had a couple of ideas that I think might work here, but wanted to see if there was anything I might be missing:
- Zitified Caddy proxy on the controller intercepting the issuer address, which is then proxied to use the current service configured to allow SSO to work (the one intercepting the redirects).
- zrok public share as the "issuer" address, so that when BrowZer tries to connect it's essentially tunneled to the IDP app. This is kind of doing the same as the Caddy proxy.
The goal here is essentially to keep everything dark while still utilising the functionality offered.
Thanks,
C
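Both ideas above put the IdP behind a different public hostname than the one it knows itself by. An OIDC client such as the one BrowZer uses fetches `/.well-known/openid-configuration` from the configured issuer and rejects the document (and later the ID token's `iss` claim) when the `issuer` value does not match, and it follows the `authorization_endpoint`, `token_endpoint` and `jwks_uri` URLs in that document literally, so if those still name the dark LAN hostname the browser cannot reach them even though the proxy or share is up. The following Python is an added example, not code from the poster or from the OpenZiti/zrok projects; the hostnames `idp.lan.example` and `idp.public.example` and the discovery document are constructed for illustration. It checks a discovery document against the issuer the client is configured with and shows which URLs would have to advertise the public hostname.

```python
"""Offline check of an OIDC discovery document for a proxied (fronted) issuer.

All sample data here is constructed; it does not come from any real IdP.
"""
from urllib.parse import urlparse

# Assumed hostnames: the dark/internal IdP and the public front put in front of it.
DARK_ISSUER = "https://idp.lan.example"
PUBLIC_ISSUER = "https://idp.public.example"

# Constructed discovery document as the dark IdP would serve it unmodified.
SAMPLE_DISCOVERY = {
    "issuer": DARK_ISSUER,
    "authorization_endpoint": DARK_ISSUER + "/oauth2/authorize",
    "token_endpoint": DARK_ISSUER + "/oauth2/token",
    "jwks_uri": DARK_ISSUER + "/oauth2/keys",
    "userinfo_endpoint": DARK_ISSUER + "/oauth2/userinfo",
    "response_types_supported": ["code"],
}

# URL-valued keys a browser-side client dereferences during the login flow.
ENDPOINT_KEYS = (
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "userinfo_endpoint",
    "end_session_endpoint",
)


def check_discovery(doc: dict, expected_issuer: str) -> list:
    """Return a list of problems a client configured with expected_issuer would hit.

    An empty list means the issuer matches and every endpoint is served from
    the same host the client was told to talk to.
    """
    problems = []
    if doc.get("issuer") != expected_issuer:
        problems.append(
            f"issuer mismatch: document says {doc.get('issuer')!r}, "
            f"client is configured with {expected_issuer!r}"
        )
    expected_host = urlparse(expected_issuer).netloc
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is None:
            continue
        host = urlparse(url).netloc
        if host != expected_host:
            problems.append(f"{key} points at {host}, which is not {expected_host}")
    return problems


def rewrite_discovery(doc: dict, dark_issuer: str, public_issuer: str) -> dict:
    """Return a copy of doc with the dark issuer prefix replaced by the public one.

    This is what every URL in the document must look like for the fronted
    issuer to work; ideally the IdP itself is configured to advertise the
    public issuer rather than a proxy rewriting the JSON.
    """
    out = dict(doc)
    for key in ("issuer",) + ENDPOINT_KEYS:
        value = out.get(key)
        if isinstance(value, str) and value.startswith(dark_issuer):
            out[key] = public_issuer + value[len(dark_issuer):]
    return out


if __name__ == "__main__":
    for problem in check_discovery(SAMPLE_DISCOVERY, PUBLIC_ISSUER):
        print("before:", problem)
    fixed = rewrite_discovery(SAMPLE_DISCOVERY, DARK_ISSUER, PUBLIC_ISSUER)
    print("after rewrite:", check_discovery(fixed, PUBLIC_ISSUER) or "no problems")
```

Running it against the constructed document reports the issuer mismatch plus four endpoints on the wrong host; after the rewrite it reports nothing. Rewriting the discovery JSON at the proxy is only half the story, because the IdP also stamps its configured issuer into the `iss` claim of every ID token and the client compares that to the same expected issuer, so the cleaner fix is to set the IdP's issuer to the public hostname and let the tunnel or share carry that hostname through.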