For many organizations, Microsoft Active Directory represents the single, canonical source of truth for the identities of employees and trusted users. When building and deploying cloud‑based business applications, the Azure platform is particularly attractive due to its native integration with Active Directory. Microsoft Azure supports a wide range of standards‑based federated identity and single sign‑on…
Continue reading ›Authentication and Content-Based Routing with JWTs and NGINX Plus
NGINX Plus Release 10 introduced support for offloading authentication from web and API services with JSON Web Tokens (JWTs, pronounced "jots"). Since the release of R10, we've continued to increase functionality in each new release. Starting in NGINX Plus R14, NGINX Plus supports JWTs that contain nested claims and array data. When used in an API gateway…
Continue reading ›Announcing NGINX Plus R14
[ngx_snippet name='style-bolder-h4-h5'] We're pleased to announce that NGINX Plus Release 14 (R14) is now available to our NGINX Plus subscribers. NGINX Plus is the only all‑in‑one load balancer, content cache, and web server. It’s based on the open source NGINX software, and adds exclusive features along with award‑winning 24‑hour support. NGINX Plus R14 includes new security and…
Continue reading ›Announcing NGINX Plus R12
[ngx_snippet name='style-bolder-h4-h5'] [Editor – This post has been updated to refer the NGINX Plus API, which replaces and deprecates the separate dynamic configuration and status modules discussed in the original version of the post.] Today we are pleased to announce that NGINX Plus R12 is available as a free upgrade for all NGINX Plus subscribers. NGINX Plus is a…
Continue reading ›Improve App Security with the Free O’Reilly NGINX Cookbook, Part 2
Over the past year web application attacks increased by 50% and DDoS attacks more than doubled, according to Akamai. The unfortunate truth is that everyone is now a potential target. As businesses become more dependent on applications and the data within them, the consequences of a security breach can be devastating. To help prevent you from…
Continue reading ›Authenticating Users to Existing Applications with OpenID Connect and NGINX Plus
Using JWT support to provide SSO for existing applications Editor – This post describes how to use NGINX Plus with OpenID Connect providers that support the Implicit Flow for authentication. In NGINX Plus R15 and later, you can also use NGINX Plus as the Relying Party in the OpenID Connect Authorization Code Flow. A supported reference implementation is available at…
Continue reading ›Authenticating API Clients with JWT and NGINX Plus
[ngx_snippet name='table-style-blog'] JSON Web Tokens (JWTs, pronounced “jots”) are a compact and highly portable means of exchanging identity information. The JWT specification has been an important underpinning of OpenID Connect, providing a single sign‑on token for the OAuth 2.0 ecosystem. JWTs can also be used as authentication credentials in their own right and are a better…
Continue reading ›Announcing NGINX Plus R10
We are excited to announce NGINX Plus Release 10 (R10), our most significant release yet. NGINX Plus extends the open source NGINX software with advanced functionality and award‑winning support, providing customers with a complete application delivery solution. With this release we are providing a number of new features to dramatically improve the security and performance of applications delivered by…
Continue reading ›