Add User ID to webapp response for OIDC example

nginx · Jan 20, 2021 · a469c40 · a469c40
1 parent b738fae
commit a469c40
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 2 deletions.
diff --git a/docs-web/configuration/policy-resource.md b/docs-web/configuration/policy-resource.md
@@ -438,7 +438,9 @@ spec:
     jwksURI: https://idp.example.com/openid-connect/certs
 ```
 
-> Note: The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as relying party for OpenID Connect authentication.
+NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP header `username`.
+
+> Note: The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as a relying party for OpenID Connect authentication.
 
 #### Prerequisites
 

diff --git a/examples-of-custom-resources/oidc/README.md b/examples-of-custom-resources/oidc/README.md
@@ -109,5 +109,5 @@ Note that the VirtualServer references the policy `oidc-policy` created in Step
 1. Open a web browser and navigate to the URL of the web application: `https://webapp.example.com`. You will be redirected to Keycloak.
 1. Log in with the username and password for the user you created in Keycloak, `nginx-user` and `test`.
 ![keycloak](./keycloak.png)
-1. Once logged in, you will be redirected to the web application and get a response from it.
+1. Once logged in, you will be redirected to the web application and get a response from it. Notice the field `User ID` in the response, this will match the ID for your user in Keycloak.
 ![webapp](./webapp.png)
diff --git a/examples-of-custom-resources/oidc/webapp.png b/examples-of-custom-resources/oidc/webapp.png
diff --git a/examples-of-custom-resources/oidc/webapp.yaml b/examples-of-custom-resources/oidc/webapp.yaml
@@ -17,6 +17,13 @@ spec:
         image: nginxdemos/nginx-hello:plain-text
         ports:
         - containerPort: 8080
+        volumeMounts:
+          - name: config-volume
+            mountPath: /etc/nginx/conf.d
+      volumes:
+        - name: config-volume
+          configMap:
+            name: oidc-config
 ---
 apiVersion: v1
 kind: Service
@@ -30,3 +37,19 @@ spec:
     name: http
   selector:
     app: webapp
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: oidc-config
+data:
+  app.conf: |-
+    server {
+    listen 8080;
+
+    location / {
+        default_type text/plain;
+        expires -1;
+        return 200 'Server address: $server_addr:$server_port\nServer name: $hostname\nDate: $time_local\nURI: $request_uri\nRequest ID: $request_id\nUser ID: $http_username\n';
+      }
+    }