Class 9: Zero Trust at Scale with F5 NGINX
Note
Last Updated: 1/22/2025
Instructors at F5 AppWorld 2025:
- Amir Rawdat <a.rawdat@f5.com>
- Jay Pena <j.pena@f5.com>
UDF Lab Maintainers:
- Amir Rawdat <a.rawdat@f5.com>
- Scott Huddy <s.huddy@f5.com>
This lab will show how to enable single sign-on (SSO) for applications being proxied by NGINX Plus. The solution uses OpenID Connect as the authentication mechanism, with BIG-IP APM as the identity provider (IdP), and NGINX Plus as the relying party. The lab will also cover the creation of an Instance Group of NGINX Plus servers, which will be load balanced using F5 BIG-IP DNS (GSLB), and introduce NGINX Instance Manager.
Expected time to complete: 1.5 hours
- Introduction
- Let’s Get Started - Join the UDF Course
- Installing Prerequisites:
- Configuring the BIG-IP APM as an Authorization Server
- Create scopes for the OAuth/OIDC communication
- Create claims for the OAuth/OIDC communication
- Create the client application, which is NGINX Plus in this lab
- Create the JSON Web Token (JWT) Key configuration for the OAuth/OIDC communication
- Create the OAuth profile for the OAuth/OIDC communication
- Create Local User database for the OAuth/OIDC communication
- Create Local User for the OAuth/OIDC communication
- Create an Access per-session profile for the OAuth/OIDC communication
- Edit Access profile per-session policy for the OAuth/OIDC communication
- Create Virtual Server to support the OAuth/OIDC communication
- Obtain the Client ID and Client Secret generated by the BIG-IP
- Configure NGINX Plus as the OpenID Connect relying party
- Testing the config
- Manage NGINX Plus with Instance Manager
Important
- The Lab MC will provide the necessary details to connect to the lab environment
- All work for this lab will be performed exclusively from the UDF Webshell and Firefox Container
- No installation and only minimal interaction with your local system is required
Attention
- For anyone wishing to take this lab at a later date, the lab is hosted on the F5 UDF Environment and is called “AppWorld 2025 - Zero Trust at Scale with F5 NGINX”.
Please work with your F5 account team for access.