Authentication for application

Nethra Shree 5 Reputation points
2023-12-26T09:53:47.17+00:00

I have created a deployment file and a service file for my application, and I have created an ingress file which redirects to the application. But here I need to add authentication for this application through Azure Active Directory and the NGINX ingress controller. When I browse to my hostname, it should open the Microsoft login page, and after authentication it should redirect to the application. How can I achieve this scenario?

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2023-12-27T21:00:45.9566667+00:00

    Hi @Nethra Shree, to add authentication to your application using Azure Active Directory and Nginx ingress controller, you can follow these general steps:

    1. Create an Azure AD application and configure it to allow authentication for your application. You can follow the steps in this article to create an Azure AD application: Configure your App Service or Azure Functions app to use Azure AD login.
    2. Configure your Nginx ingress controller to use Azure AD authentication. You can use the nginx-ingress-external-auth module to authenticate requests to your application. This module allows you to use an external authentication service, such as Azure AD, to authenticate requests to your application.
    3. Configure your ingress resource to use the Nginx ingress controller and enable authentication. You can add annotations to your ingress resource to enable authentication and specify the authentication service to use. Here is an example of an ingress resource that uses the Nginx ingress controller and Azure AD authentication:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: my-ingress
      annotations:
        nginx.ingress.kubernetes.io/auth-url: "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?client_id=<client-id>&response_type=code&redirect_uri=https://<your-app-url>/oauth2/callback&response_mode=query&scope=openid&state=<state>"
        nginx.ingress.kubernetes.io/auth-signin: "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?client_id=<client-id>&response_type=code&redirect_uri=https://<your-app-url>/oauth2/callback&response_mode=query&scope=openid&state=<state>"
    spec:
      rules:
      - host: <your-hostname>
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: <your-service-name>
                port:
                  name: http

    You will need to replace <tenant-id>, <client-id>, <your-app-url>, <state>, <your-hostname>, and <your-service-name> with the appropriate values for your application.

    4. Deploy your application and ingress resource to your Kubernetes cluster. Once deployed, you should be able to browse to your hostname and be redirected to the Microsoft login page. After authentication, you should be redirected back to your application.

    Note that this is a general overview of the steps involved in adding Azure AD authentication to your application using Nginx ingress controller. The exact steps may vary depending on your specific application and environment.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
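
A pre-deployment check for the two annotation values in the manifest above, as an added example that is not part of the original answer or any Microsoft or ingress-nginx code: it parses each authorize URL and reports tenant, client, redirect and state fields that are blank or still hold a `<placeholder>`. The function names and sample IDs are constructed for illustration, and the manifest is assumed to be passed in as an already-parsed dict.

```python
import re
from urllib.parse import urlsplit, parse_qs
PREFIX = "nginx.ingress.kubernetes.io/"
PLACEHOLDER = re.compile(r"<[^<>]+>")                      # e.g. <tenant-id>
AUTHORIZE_PATH = re.compile(r"^/[^/]+/oauth2/v2\.0/authorize$")

def lint_authorize_url(name, url):
    """Return the problems found in one authorize-URL annotation value."""
    problems = []
    if PLACEHOLDER.search(url):
        problems.append(f"{name}: unreplaced <placeholder>")
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        problems.append(f"{name}: not an https login.microsoftonline.com URL")
    if not AUTHORIZE_PATH.match(parts.path):
        problems.append(f"{name}: path is not /{{tenant}}/oauth2/v2.0/authorize")
    query = parse_qs(parts.query)      # parameters with blank values are dropped
    for key in ("client_id", "redirect_uri", "state"):
        if key not in query:
            problems.append(f"{name}: {key} is empty or missing")
    if query.get("response_type") != ["code"]:
        problems.append(f"{name}: response_type is not 'code'")
    if "openid" not in query.get("scope", [""])[0].split():
        problems.append(f"{name}: scope lacks openid")
    if "redirect_uri" in query:
        redirect = urlsplit(query["redirect_uri"][0])
        if redirect.scheme != "https" or not redirect.hostname:
            problems.append(f"{name}: redirect_uri is not an absolute https URL")
    return problems

def lint_ingress(manifest):
    """Check both auth annotations of an Ingress manifest given as a dict."""
    annotations = manifest.get("metadata", {}).get("annotations", {})
    problems = []
    for name in ("auth-url", "auth-signin"):
        value = annotations.get(PREFIX + name)
        problems += ([f"{name}: annotation missing"] if value is None
                     else lint_authorize_url(name, value))
    return problems

# Constructed sample values, not real tenant or client ids.
GOOD = ("https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
        "/oauth2/v2.0/authorize?client_id=11111111-1111-1111-1111-111111111111"
        "&response_type=code&redirect_uri=https://app.example.com/oauth2/callback"
        "&response_mode=query&scope=openid&state=constructed-state")
BLANK = ("https://login.microsoftonline.com//oauth2/v2.0/authorize?client_id="
         "&response_type=code&redirect_uri=https:///oauth2/callback"
         "&response_mode=query&scope=openid&state=")
```

Running `lint_ingress` over the parsed manifest before `kubectl apply` catches a value that was copied with its fields left blank, as in `BLANK`.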

