Hi, has anyone tried to use Zitadel to bridge/broker a connection between NGINX (Open Source version) and an IdP like MS Entra ID / Okta? The commercial version of NGINX ("NGINX Plus") allows a direct integration with an IdP (by using the ngx_http_auth_jwt_module to parse the access token), but that is not available on the open-source version of NGINX. Has anyone tried to use Zitadel as an intermediary between NGINX and an IdP like MS EntraID or Okta? Thanks, John
Answered by
fforootd
Apr 29, 2024
@eliobischof @stebenz can you help here?
Hi @johnmgn
While Zitadel totally can do the brokering for you from sources like Entra and Okta, I think the challenge is more on the nginx integration side. In other words, even if you use Zitadel with nginx, you still need to verify the token Zitadel provides (so close to the same with Entra/Okta).
What you could do is combine nginx with https://github.com/oauth2-proxy/oauth2-proxy (nginx will only do the proxy stuff and oauth2-proxy will check the tokens).
Or what should also work is this Lua extension https://github.com/zmartzone/lua-resty-openidc?tab=readme-ov-file#sample-configuration-for-oauth-20-jwt-token-validation
Hope this helps you.
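
A sketch of the nginx plus oauth2-proxy split suggested in the answer above, added here as an illustration and not taken from the thread or from either project: nginx only proxies, and every request is gated by an `auth_request` subrequest to oauth2-proxy. The hostname, ports, certificate paths and backend address are assumptions, and oauth2-proxy is assumed to be configured separately with its OIDC provider pointing at the Zitadel issuer.

```nginx
# Added example. Requires nginx built with ngx_http_auth_request_module
# (--with-http_auth_request_module). All names and addresses are placeholders.
server {
    listen 443 ssl;
    server_name app.example.com;                  # placeholder hostname
    ssl_certificate     /etc/nginx/tls/app.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/app.key;   # placeholder path

    # Sign-in, callback and sign-out endpoints are served by oauth2-proxy
    # (assumed to listen on 127.0.0.1:4180).
    location /oauth2/ {
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Subrequest target: oauth2-proxy answers 202 for a valid session and
    # 401 otherwise. "internal" keeps clients from calling it directly.
    location = /oauth2/auth {
        internal;
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        proxy_set_header Content-Length "";
        proxy_pass_request_body off;              # only headers are needed
    }

    location / {
        auth_request /oauth2/auth;                # deny unless the check passes
        error_page 401 = /oauth2/sign_in;         # unauthenticated: start login

        # Identity headers are returned by oauth2-proxy only when it runs
        # with --set-xauthrequest. Setting them here also overwrites any
        # X-User / X-Email value a client tried to send itself.
        auth_request_set $auth_user  $upstream_http_x_auth_request_user;
        auth_request_set $auth_email $upstream_http_x_auth_request_email;
        proxy_set_header X-User  $auth_user;
        proxy_set_header X-Email $auth_email;

        proxy_pass http://127.0.0.1:8080;         # assumed backend application
    }
}
```

The backend should accept traffic only from nginx, since it trusts the `X-User` and `X-Email` headers set here.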