Take the following steps to set up NGINX ACM/DevPortal OIDC and test it for Ping Identity integration.
- Ensure that you use an application and callback/logout URLs different from those already created to test your containerized NGINX Plus, as in the following example:

  | Category | Example |
  |---|---|
  | Application Name | nginx-devportal-app |
  | Redirect URIs | https://nginx.devportal.pingidentity.test/_codexch |
  | Signoff URLs | https://nginx.devportal.pingidentity.test/_logout |
- Edit the `hosts` file on your laptop if you want to test your app locally:

  ```bash
  $ sudo vi /etc/hosts
  127.0.0.1 nginx.devportal.pingidentity.test

  # Note: The provided IP address should be that of the host where you installed the Dev Portal packages.
  # Also make sure your controller and Dev Portal /etc/hosts files have similar entries.
  ```
Configure a Dev Portal either by following the NGINX Management Suite Docs of How To Set Up a NGINX Dev Portal or by calling the APIs in the following steps:

Note: Download an example Postman collection to easily test the following steps.
- Open a Postman collection, and edit the ACM password and variables:
- Create an `infra > workspace`:

  ```
  POST https://{{ctrl_ip}}/api/acm/v1/infrastructure/workspaces
  ```

  `Body`:

  ```json
  {
    "name": "{{infraworkspacename}}"
  }
  ```
- Create a `proxy > workspace`:

  ```
  POST https://{{ctrl_ip}}/api/acm/v1/services/workspaces
  ```

  `Body`:

  ```json
  {
    "name": "{{proxyworkspacename}}"
  }
  ```
- Create an environment of `Dev Portal`:

  ```
  POST https://{{ctrl_ip}}/api/acm/v1/infrastructure/workspaces/{{infraworkspacename}}/environments
  ```

  Option 1. Request body for non-PKCE:

  ```json
  {
    "name": "{{environmentname}}",
    "functions": ["DEVPORTAL"],
    "proxies": [
      {
        "proxyClusterName": "{{devPinstanceGroupName}}",
        "hostnames": ["{{devPenvironmentHostname}}"],
        "runtime": "PORTAL-PROXY",
        "policies": {
          "oidc-authz": [
            {
              "action": {
                "authFlowType": "AUTHCODE",
                "jwksURI": "https://{{idpDomain}}/{{idpEnvironmentId}}/as/jwks",
                "tokenEndpoint": "https://{{idpDomain}}/{{idpEnvironmentId}}/as/token",
                "userInfoEndpoint": "https://{{idpDomain}}/{{idpEnvironmentId}}/as/userinfo",
                "authorizationEndpoint": "https://{{idpDomain}}/{{idpEnvironmentId}}/as/authorize",
                "logOffEndpoint": "https://{{idpDomain}}/{{idpEnvironmentId}}/as/signoff",
                "logOutParams": [],
                "TokenParams": [
                  {
                    "paramType": "HEADER",
                    "key": "Accept-Encoding",
                    "value": "gzip"
                  }
                ],
                "uris": {
                  "loginURI": "/login",
                  "logoutURI": "/logout",
                  "redirectURI": "/_codexch",
                  "userInfoURI": "/userinfo"
                }
              },
              "data": [
                {
                  "clientID": "{{clientId}}",
                  "clientSecret": "{{clientSecret}}",
                  "scopes": "openid+profile+email"
                }
              ]
            }
          ],
          "tls-inbound": [
            {
              "data": {
                "serverCerts": [
                  {
                    "key": "{{TLSKey}}",
                    "cert": "{{TLSCert}}"
                  }
                ]
              }
            }
          ]
        }
      }
    ]
  }
  ```

  Option 2. Request body for PKCE:

  ```
  {
      :
      "authFlowType": "PKCE",
      :
      "clientSecret": "{{clientSecret}}",  -> Remove this line.
      :
  }
  ```
- Get an environment of `Dev Portal`:

  ```
  GET https://{{ctrl_ip}}/api/acm/v1/infrastructure/workspaces/{{infraworkspacename}}/environments
  ```

  `Response`:

  ```
  {
      :
      curl -k https://<CTRL-FQDN>/install/nginx-agent > install.sh && sudo sh install.sh -g devp-group && sudo systemctl start nginx-agent
      :
  }
  ```
- SSH into the instance of Dev Portal, and run the following commands:

  ```bash
  curl -k https://<CTRL-FQDN>/install/nginx-agent > install.sh && sudo sh install.sh -g devp-group && sudo systemctl start nginx-agent
  ```
- Delete an environment of `Dev Portal`:

  ```
  DELETE https://{{ctrl_ip}}/api/acm/v1/infrastructure/workspaces/{{infraworkspacename}}/environments/{{environmentname}}
  ```
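
A pre-flight check for the request body from the "Create an environment of Dev Portal" step (Options 1 and 2), as an added example that is not part of the original page or of NGINX's tooling: it flags a PKCE body that still carries `clientSecret`, unresolved `{{...}}` Postman variables, and IdP endpoints that are not HTTPS or do not share one host. The function names, the host `auth.example.test` and the client values are constructed placeholders; treating an `AUTHCODE` body without a secret as an error is an assumption based on Option 1.

```python
from urllib.parse import urlparse

# Endpoint keys of the oidc-authz "action" object, as shown in the Option 1 body.
ENDPOINT_KEYS = ("jwksURI", "tokenEndpoint", "userInfoEndpoint",
                 "authorizationEndpoint", "logOffEndpoint")

def check_oidc_policy(env):
    """Return a list of problems found in a Dev Portal environment request body."""
    problems = []
    for proxy in env.get("proxies", []):
        for policy in proxy.get("policies", {}).get("oidc-authz", []):
            action = policy.get("action", {})
            flow = action.get("authFlowType")
            if flow not in ("AUTHCODE", "PKCE"):  # the two values this page uses
                problems.append(f"authFlowType {flow!r} is not AUTHCODE or PKCE")
            hosts = set()
            for key in ENDPOINT_KEYS:
                value = action.get(key, "")
                if "{{" in value:  # Postman variable that was never substituted
                    problems.append(f"{key} has an unresolved variable")
                    continue
                url = urlparse(value)
                if url.scheme != "https" or not url.hostname:
                    problems.append(f"{key} is not an https URL")
                else:
                    hosts.add(url.hostname)
            if len(hosts) > 1:  # the page uses one {{idpDomain}} for every endpoint
                problems.append("IdP endpoints use different hosts")
            for client in policy.get("data", []):
                has_secret = bool(client.get("clientSecret"))
                if flow == "PKCE" and has_secret:
                    problems.append("PKCE body still contains clientSecret")
                if flow == "AUTHCODE" and not has_secret:  # assumption, see lead-in
                    problems.append("AUTHCODE body has no clientSecret")
                if "openid" not in client.get("scopes", "").split("+"):
                    problems.append("scopes do not include openid")
    return problems

def sample_body(flow, with_secret, idp="https://auth.example.test/ENV-ID"):
    """Constructed sample body; host, environment id and client values are placeholders."""
    action = {"authFlowType": flow, "jwksURI": f"{idp}/as/jwks",
              "tokenEndpoint": f"{idp}/as/token", "userInfoEndpoint": f"{idp}/as/userinfo",
              "authorizationEndpoint": f"{idp}/as/authorize",
              "logOffEndpoint": f"{idp}/as/signoff"}
    client = {"clientID": "example-client-id", "scopes": "openid+profile+email"}
    if with_secret:
        client["clientSecret"] = "example-secret"
    return {"proxies": [{"policies": {"oidc-authz": [{"action": action, "data": [client]}]}}]}

if __name__ == "__main__":
    print(check_oidc_policy(sample_body("PKCE", True)))  # leftover secret is flagged
```

Run it against the exported request body after Postman variable substitution and before sending the `POST`.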