Take the following steps to run NGINX Plus in a Docker container and test OIDC for Ping Identity integration.
Note: You could remotely test in your remote machine if you copy entire files there.
-
Edit
hostsfile in your laptop via if you want to locally test your app:$ sudo vi /etc/hosts 127.0.0.1 nginx.pingidentity.test
-
Download NGINX Plus license files, and copy them to
./docker/build-context/ssl/nginx-repo.crt nginx-repo.key
-
Start a Docker container:
$ make start
-
Check Docker container's status:
$ make watch
-
Run a Web Browser with
https://nginx.pingidentity.test:17000, and enter anIdP application'sclient ID:
-
Login to click
Sign inbutton:Enter your name and password which are registered in PingOne.
You will see the following screen once you are successfully signed-in.
-
Test a secured sample API with access token by clicking
Call a Sample Proxied API:Note:
Modify an URI if you want to test one of your API endpoints where access token is included in the header.
-
An endpoint of sample API is defined in
oidc_frontend_backend.conf. You can add any API endpoint when you want to use an access token by referencing the following example:location /v1/api/example { auth_jwt "" token=$access_token; auth_jwt_key_request /_jwks_uri; # Enable when using URL proxy_set_header Authorization "Bearer $access_token"; proxy_pass http://my_backend_app; access_log /var/log/nginx/access.log oidc_jwt; }
Note: Most of IDP supports JWT format access token although it is not mandatory. So, we validate it using
auth_jwt.
-
-
Logout to click 'Sign out' button:
-
Stop Docker containers
$ make down
-
Remove Docker container images
$ make clean