Take the following steps to create a new Ping Identity application for integration with NGINX Plus.
Note:
This guide uses the GUI provided with PingOne. It reflects the GUI at the time of initial publication, but the GUI is subject to change. The PingFederate user interface might also differ. Use this guide as a reference and adapt as necessary for the UI you are using.
- Create a New Application
- Configure Auth Code or PKCE Flow
- Configure Redirect URIs for Login and Logout
- Configure Scopes
- Enable Application
- Make Note of Environment ID and Client ID
- Add User
Create a new application for NGINX Plus:
- Log in to your Ping Identity account. The administrative dashboard opens automatically. In this guide, we show the PingOne dashboard, and for brevity refer simply to “PingOne”.
- Click Connections in the left menu, and click the + Application button.
- Type a name in the Application Name field and a description in the Description field. Here, we’re using nginx-plus-oidc and NGINX Plus OIDC Application. Choose OIDC Web App in Application Type. Click the Save button.
Take the following steps to configure either Auth Code or PKCE.
- Select the application that you created (nginx-plus-oidc).
- Click the Configuration tab, and click the / icon to edit details.
Take the following steps if you do not want to enable PKCE.
- Choose OPTIONAL in the PKCE Enforcement drop-down box.
- Select the Client Secret Post radio button under Token Endpoint Authentication Method.
- Click the Save button.
Take the following steps if you want to enable PKCE.
- Choose S256_REQUIRED in the PKCE Enforcement drop-down box.
- Do not choose Client Credentials in Grant Type.
- Select the None radio button under Token Endpoint Authentication Method.
- Click the Save button.
- In the Redirect URIs field, type the URI of the NGINX Plus instance including the port number, and ending in /_codexch. Here we’re using https://nginx.pingidentity.test:17000/_codexch (the full value is not visible in the screenshot).
- In the Signoff URLs field, type the URI of the NGINX Plus instance including the port number, and ending in /_logout. Here we’re using https://nginx.pingidentity.test:17000/_logout.
Notes:
- For production, we strongly recommend that you use SSL/TLS (port 443).
- The port number is mandatory even when you’re using the default port for HTTP (80) or HTTPS (443). However, it isn't needed if you use NGINX ACM.
- Click the Resources tab.
- Click the / icon, add profile and email, and click the Save button.
- Check that ALLOWED SCOPES are configured with profile, email, and openid.
You are returned to the Applications window, which now includes a row for the nginx-plus-oidc application. Click the toggle switch at the right end of the row to the “on” position, as shown in the screenshot. Then click the “expand” icon at the end of the row to display the application’s details.
On the page that opens, make note of the values in the following fields on the Details tab. You will add them to the NGINX Plus configuration in Step 4 of Configuring NGINX Plus.
- Environment ID (in the screenshot, de35baa5-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
- Client ID (in the screenshot, 1ce29830-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
- Client Secret (in the screenshot, YLHOdOHDgM...); click the eye icon to view the actual value, and note it (this is for the Auth Code flow).
- Client Secret: You don't need to note this for NGINX Plus PKCE.
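The following added example (not code from NGINX Plus or Ping Identity) builds the authorization and token request parameters for both configurations above. It shows that Client Secret Post sends client_secret in the token request, while S256_REQUIRED with authentication method None sends a code_verifier instead. The cfg object, the function names, and the sample code, state, nonce and secret values are constructed for illustration; the client ID and redirect URI are the masked placeholder values from this guide.

```javascript
// Added example: OIDC request parameters for the two PingOne settings above.
const crypto = require('node:crypto');

// RFC 7636: code_verifier is 43-128 unreserved characters;
// 32 random bytes base64url-encode to exactly 43.
function newCodeVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
function s256Challenge(verifier) {
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(verifier)) {
    throw new Error('code_verifier must be 43-128 unreserved characters');
  }
  return crypto.createHash('sha256').update(verifier, 'ascii').digest().toString('base64url');
}

// Authorization request query; code_challenge is added only when PKCE is on.
function authorizeParams(cfg, state, nonce, verifier) {
  const p = new URLSearchParams({
    response_type: 'code', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, scope: 'openid profile email', state, nonce,
  });
  if (cfg.pkce) {
    p.set('code_challenge', s256Challenge(verifier));
    p.set('code_challenge_method', 'S256');
  }
  return p;
}

// Token request body (form-encoded POST to the token endpoint).
function tokenBody(cfg, code, verifier) {
  const p = new URLSearchParams({
    grant_type: 'authorization_code', code,
    client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
  });
  if (cfg.pkce) p.set('code_verifier', verifier);  // auth method None
  else p.set('client_secret', cfg.clientSecret);   // Client Secret Post
  return p;
}

// Constructed sample values; IDs are the masked placeholders from this guide.
const base = { clientId: '1ce29830-xxxx-xxxx-xxxx-xxxxxxxxxxxx',
               redirectUri: 'https://nginx.pingidentity.test:17000/_codexch' };
const verifier = newCodeVerifier();
console.log(authorizeParams({ ...base, pkce: true }, 'st', 'nn', verifier).toString());
console.log(tokenBody({ ...base, pkce: true }, 'sample-code', verifier).toString());
console.log(tokenBody({ ...base, pkce: false, clientSecret: 'PLACEHOLDER' }, 'sample-code').toString());
```

With PKCE the only per-login secret is the verifier, which is generated fresh for each authorization request and never stored in the NGINX Plus configuration.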