-
|
Hi, has anyone tried to use Zitadel to bridge/broker a connection between NGINX (Open Source version) and an IdP like MS Entra ID / Okta ? The commercial version of NGINX ("NGINX Plus") allows a direct integration with an IdP (by using the ngx_http_auth_jwt_module to parse the access token), but that is not available on the open-source version of NGINX. Has anyone tried to use Zitadel as intermediary between NGINX and an IdP like MS EntraID or Okta ? Thanks, John |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
@eliobischof @stebenz can you help here? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @johnmgn While zitadel totally can do the brokering for you from sources like Entra and Okta I think the challenge is more on the nginx integration side. In other words, even if you use zitadel with nginx, you still need to verify the token zitadel provides (so close to the same with entra/okta). What you could do is combine a nginx with https://github.com/oauth2-proxy/oauth2-proxy (nginx will only do the proxy stuff and oauth proxy will check the tokens). Hope this helps you |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your help. I will check these out. |
Beta Was this translation helpful? Give feedback.
-
|
Perfect, let me know how it goes 😁 |
Beta Was this translation helpful? Give feedback.
Hi @johnmgn
While zitadel totally can do the brokering for you from sources like Entra and Okta I think the challenge is more on the nginx integration side. In other words, even if you use zitadel with nginx, you still need to verify the token zitadel provides (so close to the same with entra/okta).
What you could do is combine a nginx with https://github.com/oauth2-proxy/oauth2-proxy (nginx will only do the proxy stuff and oauth proxy will check the tokens).
Or what also should work is this lua extension https://github.com/zmartzone/lua-resty-openidc?tab=readme-ov-file#sample-configuration-for-oauth-20-jwt-token-validation
Hope this helps you