README.md: 2 additions & 0 deletions
@@ -63,6 +63,7 @@ All files can be copied to **/etc/nginx/conf.d**
63
63
* Set the **redirect URI** to the address of your NGINX Plus instance, with `/_codexch` as the path, e.g. `https://my-nginx.example.com/_codexch`
64
64
* Ensure NGINX Plus is configured as a confidential client (with a client secret)
65
65
* Make a note of the `client ID` and `client secret`
66
+
* Download the `jwks_uri` JWK file to your NGINX Plus instance
66
67
67
68
* Obtain the URL for the **authorization endpoint**
68
69
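Review bot: The added bullet "Download the `jwks_uri` JWK file to your NGINX Plus instance" leaves the reader with a one-time static copy and says nothing about what happens when the IdP rotates its signing keys. Consider adding that the file must be re-downloaded whenever the IdP publishes new keys, and that it should be fetched over HTTPS from the IdP's own `jwks_uri`. It would also help to name the destination here (the hunk header mentions **/etc/nginx/conf.d** for the other files) so this step lines up with the later `$oidc_jwt_keyfile` setting.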
@@ -75,6 +76,7 @@ Review the following files copied from the GitHub repository so that they match
75
76
***frontend.conf** - this is the reverse proxy configuration and where the IdP is configured
76
77
* Modify the upstream group to match your backend site or app
77
78
* Configure the preferred listen port and [enable SSL/TLS configuration](https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/)
79
+
* Set the value of `$oidc_jwt_keyfile` to match the downloaded JWK file from the IdP and ensure that it is readable by the NGINX worker processes
78
80
* Modify all of the `set $oidc_` directives to match your IdP configuration
79
81
* Set a unique value for `$oidc_hmac_key` to ensure nonce values are unpredictable
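Review bot: The added `$oidc_jwt_keyfile` bullet asks only that the file be "readable by the NGINX worker processes", and it would be worth also saying the file should not be writable by the worker user, since it holds the keys used to verify the IdP's tokens. The bullet also overlaps with the next one ("Modify all of the `set $oidc_` directives"), so consider placing it after that line or wording it as a specific case of it, and refer to the file by the same name used in the download step so the two instructions are clearly about one file.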