For many organizations, Microsoft Active Directory represents the single, canonical source of truth for the identities of employees and trusted users. When building and deploying cloud‑based business applications, the Azure platform is particularly attractive due to its native integration with Active Directory. Microsoft Azure supports a wide range of standards‑based federated identity and single sign‑on…
Continue reading ›Authentication and Content-Based Routing with JWTs and NGINX Plus
NGINX Plus Release 10 introduced support for offloading authentication from web and API services with JSON Web Tokens (JWTs, pronounced "jots"). Since the release of R10, we've continued to increase functionality in each new release. Starting in NGINX Plus R14, NGINX Plus supports JWTs that contain nested claims and array data. When used in an API gateway…
Continue reading ›Announcing NGINX Plus R14
We're pleased to announce that NGINX Plus Release 14 (R14) is now available to our NGINX Plus subscribers. NGINX Plus is the only all‑in‑one load balancer, content cache, and web server. It’s based on the open source NGINX software, and adds exclusive features along with award‑winning 24‑hour support. NGINX ngPlus R14 includes new security and clustering enhancements. With NGINX Plus, you…
Continue reading ›Announcing NGINX Plus R12
[Editor – This post has been updated to refer the NGINX Plus API, which replaces and deprecates the separate dynamic configuration and status modules discussed in the original version of the post.] Today we are pleased to announce that NGINX Plus R12 is available as a free upgrade for all NGINX Plus subscribers. NGINX Plus is a high‑performance software…
Continue reading ›Improve App Security with the Free O’Reilly NGINX Cookbook, Part 2
Over the past year web application attacks increased by 50% and DDoS attacks more than doubled, according to Akamai. The unfortunate truth is that everyone is now a potential target. As businesses become more dependent on applications and the data within them, the consequences of a security breach can be devastating. To help prevent you from…
Continue reading ›Authenticating Users to Existing Applications with OpenID Connect and NGINX Plus
Using JWT support to provide SSO for existing applications OAuth 2.0 has done much to transform the flexibility and user experience of authenticating to websites and applications. But despite the name, the OAuth 2.0 specification says very little about verifying end‑user identity and nothing about single sign‑on (SSO). That’s where OpenID Connect comes in – it is essentially the…
Continue reading ›Authenticating API Clients with JWT and NGINX Plus
[ngx_snippet name='table-style-blog'] JSON Web Tokens (JWTs, pronounced “jots”) are a compact and highly portable means of exchanging identity information. The JWT specification has been an important underpinning of OpenID Connect, providing a single sign‑on token for the OAuth 2.0 ecosystem. JWTs can also be used as authentication credentials in their own right and are a better…
Continue reading ›Announcing NGINX Plus R10
We are excited to announce NGINX Plus Release 10 (R10), our most significant release yet. NGINX Plus extends the open source NGINX software with advanced functionality and award‑winning support, providing customers with a complete application delivery solution. With this release we are providing a number of new features to dramatically improve the security and performance of applications delivered by…
Continue reading ›
