Commit f81bf64

Keycloak 1.9+ endpoints updated (#618)
Keycloak endpoints updated
1 parent 0557fb0 commit f81bf64

content/nginx/deployment-guides/single-sign-on/oidc-njs/keycloak.md

Lines changed: 7 additions & 7 deletions
@@ -121,20 +121,20 @@ Configure NGINX Plus as the OpenID Connect relying party:
121121
$ curl https://<keycloak-server-address>/realms/master/.well-known/openid-configuration | python -m json.tool
122122
...
123123
{
124-
"authorization_endpoint": "https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/auth",
124+
"authorization_endpoint": "https://<keycloak-server-address>/realms/master/protocol/openid-connect/auth",
125125
...
126-
"jwks_uri": "https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/certs",
126+
"jwks_uri": "https://<keycloak-server-address>/realms/master/protocol/openid-connect/certs",
127127
...
128-
"token_endpoint": "https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/token",
128+
"token_endpoint": "https://<keycloak-server-address>/realms/master/protocol/openid-connect/token",
129129
...
130130
}
131131
```
132132

133133
<span id="nginx-plus-variables"></span>
134134
4. Using your preferred text editor, open **/etc/nginx/conf.d/openid_connect_configuration.conf**. Change the "default" parameter value of each of the following [map](https://nginx.org/en/docs/http/ngx_http_map_module.html#map) directives to the specified value:
135135

136-
- `map $host $oidc_authz_endpoint` – Value of `authorization_endpoint` from [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/auth`</span>)
137-
- `map $host $oidc_token_endpoint` – Value of `token_endpoint` from [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/token`)</span>
136+
- `map $host $oidc_authz_endpoint` – Value of `authorization_endpoint` from [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/realms/master/protocol/openid-connect/auth`</span>)
137+
- `map $host $oidc_token_endpoint` – Value of `token_endpoint` from [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/realms/master/protocol/openid-connect/token`)</span>
138138
- `map $host $oidc_client` – Value in the **Client ID** field from [Step 3 of _Configuring Keycloak_](#keycloak-client-id) (in this guide, `NGINX Plus`)
139139
- `map $host $oidc_client_secret` – Value in the **Secret** field from [Step 5 of _Configuring Keycloak_](#keycloak-secret) (in this guide, <span style="white-space: nowrap;">`<oidc client secret>`)</span>
140140
- `map $host $oidc_hmac_key` – A unique, long, and secure phrase
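Review bot: The sample output at lines 124-128 and the bullets at 136-137 now show only the paths without the `/auth` prefix, and nothing in the guide text says which Keycloak versions report them; the commit title is the only place a version is mentioned. Add a sentence after the sample output telling readers to take `authorization_endpoint`, `token_endpoint` and `jwks_uri` from their own discovery response rather than from the guide's literals, so a server that still reports `/auth/realms/...` is configured correctly. Minor: the new line 137 keeps the closing parenthesis inside the nowrap span (`` `...openid-connect/token`)</span> ``) while line 136 closes it outside (`` `...openid-connect/auth`</span>) ``); since both lines are rewritten here, make them match.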
@@ -146,11 +146,11 @@ Configure NGINX Plus as the OpenID Connect relying party:
146146
1. Comment out (or remove) the [auth_jwt_key_file](http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_file) directive.
147147

148148
2. Uncomment the [auth_jwt_key_request](http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html#auth_jwt_key_request) directive. (Its parameter, `/_jwks_uri`, refers to the value of the `$oidc_jwt_keyfile` variable, which you set in the next step.)
149-
3. Change the "default" parameter of the `map $host $oidc_jwt_keyfile` directive to the value reported in the `jwks_uri` field in [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/certs`)</span>.
149+
3. Change the "default" parameter of the `map $host $oidc_jwt_keyfile` directive to the value reported in the `jwks_uri` field in [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/realms/master/protocol/openid-connect/certs`)</span>.
150150

151151
- In <span style="white-space: nowrap;">NGINX Plus R16</span> and earlier, the JWK file must be on the local disk. (You can also use this method with <span style="white-space: nowrap;">NGINX Plus R17</span> and later if you wish.)
152152

153-
1. Copy the JSON contents from the JWK file named in the `jwks_uri` field in [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/auth/realms/master/protocol/openid-connect/certs`)</span> to a local file (for example, `/etc/nginx/my_keycloak_jwk.json`).
153+
1. Copy the JSON contents from the JWK file named in the `jwks_uri` field in [Step 3](#nginx-plus-urls) (in this guide, <span style="white-space: nowrap;">`https://<keycloak-server-address>/realms/master/protocol/openid-connect/certs`)</span> to a local file (for example, `/etc/nginx/my_keycloak_jwk.json`).
154154
2. In **/etc/nginx/conf.d/openid_connect_configuration.conf**, change the "default" parameter of the <span style="white-space: nowrap;">`map $host $oidc_jwt_keyfile`</span> directive to the local file path.
155155

156156
6. Confirm that the user named by the [user](http://nginx.org/en/docs/ngx_core_module.html#user) directive in the NGINX Plus configuration (in **/etc/nginx/nginx.conf** by convention) has read permission on the JWK file.
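Review bot: Line 153 still has the reader hand-copy the JWK set from the `jwks_uri` URL into `/etc/nginx/my_keycloak_jwk.json`, and the step does not say that this file is a point-in-time snapshot. Add a sentence that it must be copied again whenever the realm's signing keys change, otherwise tokens signed with a new key fail validation against the stale file; the `auth_jwt_key_request` path at line 149 does not have this problem. Style: lines 149 and 153 leave the closing parenthesis inside the span (`)</span>`), and the nginx.org links in the context lines 146, 148 and 156 use `http://` where line 134 in the previous hunk uses `https://`; both are cheap to tidy in the same pass.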