Workshop
- Identity provider
- WARP and device posture
- Cloudflare Tunnel
- Access and Private Network
- Browser isolation and App launcher
- Digital experience monitoring
For the final exercise, you will set up tenant control for a SaaS application.
Your task is to authenticate to our SaaS application and retrieve a completion token by adding an HTTP header with a shared secret to your request.
We created a mock SaaS application that will only return a token if a header with a shared secret is present. The service is available at the following URL:
https://saas.app.cfiq.io/zt/v1/seed
Before you start, verify the default response from this service when the header is not present. With WARP on, run the following command:
curl.exe https://saas.app.cfiq.io/zt/v1/seed
Unauthorized, missing x-get-token.
Unfinished
as the response, because the service isn’t able to authenticate the user.We won’t be providing specific steps for this exercise, you now have all the knowledge you need to set this up yourself.
Using the knowledge you’ve gained from the lab so far, add the following header to all HTTP requests sent from WARP-connected clients to the SaaS application.
Custom Header Name: x-get-token
Custom Header Value: ZKdBpMwDm0An8GtOv, {LAB_SLUG}
Return to your terminal and with WARP on run the same command again. The request should now have the custom header added and that will allow the mock SaaS application to authenticate the user. The service should then return a token in response.
curl.exe https://saas.app.cfiq.io/zt/v1/seed
⚙️ nocopy ⚙️
Enter this token in the 301 Zero Trust e-learning course:
🟨completion-token-will-be-here
-k
parameter to curl
to bypass this check.If you’re doing this lab as part of a Cloudflare University course, use the completion token returned above to collect your credit.