Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC

momahdy
F5 Employee
F5 Employee

on ‎24-Jul-2023 05:00

As part of your organization journey to build a Zero Trust strategy with distributed Microservices, you would think of a light weight engine that allows to perform request authentication and authorization.

While keeping the continuous monitoring and the protection provided by F5 Distributed Cloud Web App & API Protection (WAAP), you can provide the authentication and authorization required to your microservices by implementing F5 NGINX Plus for Single Sign-On SSO.

In our article we will explore the path through previously created articles and how we can make use of it to achieve our organization strategy.

XC-NGINXSS.jpeg

 

Deployment options

We have multiple deployment options to suit your needs, below are two examples:

SSO with NGINX Plus

Once you have completed your infrastructure deployment it's time to delpoy the Identity layer and this was discussed over hereEnhanced Modern Applications and MicroServices SSO with NGINX 

Summary

In this article we utilized both Distributed Cloud WAAP and the NGINX Plus SSO feature to allow for continuous monitoring and protection for users traffic and maintaining authentication and authorization through our microservices deployment.

 

Related Content

 

Comments
Nikoolayy1
MVP
MVP
‎30-Aug-2023 02:51

I think it is better to install the Nginx in the RE or CE vk8s as shown here https://community.f5.com/t5/technical-articles/enable-saml-service-provider-on-f5-distributed-cloud-...  .

 

Maybe in the cases where Nginx is a ingress controller in a Amazon EKS then it is not in the CE/RE and the CE can also be a pod in the Amazon EKS. That will be an interesting article making the two pods (Nginx and CE) to work together as one will be the Ingress.

momahdy
F5 Employee
F5 Employee
‎30-Aug-2023 09:25

Thank you Nikoolay,

Yes, if there's ability to deploy it on RE/CE for sure that article would be the one to go with.

The approach you described sounds very intersting as well

0 Kudos
Version history
Last update:
‎06-Jul-2023 22:38
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC