diff --git a/docs-web/configuration/policy-resource.md b/docs-web/configuration/policy-resource.md
index e1443ca094..4a882f7642 100644
--- a/docs-web/configuration/policy-resource.md
+++ b/docs-web/configuration/policy-resource.md
@@ -438,7 +438,9 @@ spec:
 jwksURI: https://idp.example.com/openid-connect/certs
 ```
-> Note: The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as relying party for OpenID Connect authentication.
+NGINX Plus will pass the ID of an authenticated user to the backend in the HTTP header `username`.
+
+> Note: The feature is implemented using the [reference implementation](https://github.com/nginxinc/nginx-openid-connect/) of NGINX Plus as a relying party for OpenID Connect authentication.
 #### Prerequisites
diff --git a/examples-of-custom-resources/oidc/README.md b/examples-of-custom-resources/oidc/README.md
index e6d680c014..8e00f6dc23 100644
--- a/examples-of-custom-resources/oidc/README.md
+++ b/examples-of-custom-resources/oidc/README.md
@@ -109,5 +109,5 @@ Note that the VirtualServer references the policy `oidc-policy` created in Step
 1. Open a web browser and navigate to the URL of the web application: `https://webapp.example.com`. You will be redirected to Keycloak.
 1. Log in with the username and password for the user you created in Keycloak, `nginx-user` and `test`.
 ![keycloak](./keycloak.png)
-1. Once logged in, you will be redirected to the web application and get a response from it.
+1. Once logged in, you will be redirected to the web application and get a response from it. Notice the field `User ID` in the response, this will match the ID for your user in Keycloak.
 ![webapp](./webapp.png)
diff --git a/examples-of-custom-resources/oidc/webapp.png b/examples-of-custom-resources/oidc/webapp.png
index fc20bfb3d0..f40ae36218 100644
Binary files a/examples-of-custom-resources/oidc/webapp.png and b/examples-of-custom-resources/oidc/webapp.png differ
diff --git a/examples-of-custom-resources/oidc/webapp.yaml b/examples-of-custom-resources/oidc/webapp.yaml
index 31fde92a6e..d3c192b2ef 100644
--- a/examples-of-custom-resources/oidc/webapp.yaml
+++ b/examples-of-custom-resources/oidc/webapp.yaml
@@ -17,6 +17,13 @@ spec:
 image: nginxdemos/nginx-hello:plain-text
 ports:
 - containerPort: 8080
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/nginx/conf.d
+ volumes:
+ - name: config-volume
+ configMap:
+ name: oidc-config
 ---
 apiVersion: v1
 kind: Service
@@ -30,3 +37,19 @@ spec:
 name: http
 selector:
 app: webapp
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oidc-config
+data:
+ app.conf: |-
+ server {
+ listen 8080;
+
+ location / {
+ default_type text/plain;
+ expires -1;
+ return 200 'Server address: $server_addr:$server_port\nServer name: $hostname\nDate: $time_local\nURI: $request_uri\nRequest ID: $request_id\nUser ID: $http_username\n';
+ }
+ }
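Review bot: The `return 200` line in the new `oidc-config` ConfigMap prints `$http_username`, which is whatever value arrives in the `username` request header at the pod, and nothing in this manifest restricts who can send that header. The example depends on the ingress setting the header after OIDC login; whether a client-supplied `username` is overwritten there is not visible in this diff. Readers tend to copy example backends, so I would add a comment above `location /`, e.g. `# Demo only: "username" is set by the ingress after OIDC login; do not trust it unless this pod is reachable only through that ingress`. The README could also say that a real deployment should restrict direct access to the backend (for instance with a NetworkPolicy) before using this header for anything beyond display.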