The EmpowerID Reverse Proxy is a dockerized NGINX module that sits in front of Web servers, assuming the name and IP addresses of those servers in order to provide authentication and authorization to users requesting the resources (in the form of URIs) provided by those servers. Incoming requests are intercepted by the Reverse Proxy and directed to the EmpowerID IdP, where users must authenticate before authorization for the requested resources can be granted.
Because the EmpowerID Reverse Proxy is a dockerized NGINX module, you must install docker and then pull the Reverse Proxy image from EmpowerID's Docker repository. To pull the repo, you will need to have a login supplied by EmpowerID. |
In the proxy.nginx file (or the SSL.nginx file for TLS/SSL), locate the service_provider_guids setting and replace the default value with that of the Connection ID for the SSO connection you created for the reverse proxy application. You can locate this in the Web interface by doing the following:
From the navigation sidebar, expand Admin > SSO Connections and click SAML.
Search for the SAML connection and the click the Display Name link for it.
From the Connection Details form that appears locate and copy the Connection ID.
Convert the Connection ID to uppercase and then replace the default value for service_provider_guids as shown in the below image.
You can have up to 10 comma delineated service providers in the proxy.nginx or SSL.nginx file. GUIDs must be upper-case. |
Navigate to the server section of the proxy.nginx file ( or SSL.nginx for SSL\TLS) and change the port for incoming traffic as needed.
Now that you have configured the Reverse Proxy for your environment, the next step is to configure Andy's Beans for the Reverse Proxy.