Add OIDC Timeout config options to NIC ConfigMap #1410
Conversation
workaround for an NGF callout render issue
* fix: Update nim-app-protect-support.md * fix : Add NAP 5.9.0 version info to NIM * Update content/nim/nginx-app-protect/setup-waf-config-management.md * Update content/nim/nginx-app-protect/setup-waf-config-management.md Co-authored-by: Jon Torre <[email protected]> * Update content/nim/nginx-app-protect/setup-waf-config-management.md Co-authored-by: Mike Jang <[email protected]> * Update content/nim/nginx-app-protect/setup-waf-config-management.md Co-authored-by: Jon Torre <[email protected]> --------- Co-authored-by: Mike Jang <[email protected]> Co-authored-by: Jon Torre <[email protected]>
fix: Update per WAF refactor
Added flowcarts for NGINX Plus license verification and usage reporting requirements. Simplified language in Getting Started guide. --------- Co-authored-by: Mike Jang <[email protected]> Co-authored-by: yar <[email protected]>
* Update linkchecker.yml * Update linkchecker.yml Add https://my-deployment.my-region.nginxaas.net/connectivity to ignore list * Update linkchecker.yml --------- Co-authored-by: Jack Hickey <[email protected]>
various WAF typo fixes
* Update linkchecker.yml Update with new waf endpoint name
* Add example to show users how to set NGINX_AGENT_LABELS * Update content/nginx-one/agent/configure-instances/configuration-overview.md Thank you! Co-authored-by: Jon Torre <[email protected]> --------- Co-authored-by: Jon Torre <[email protected]>
Removes restriction on the combination of both precompiled and custom policies in an NGINX config.
* fix: remore NGINXaaS mention on N4A known issues
Update NGF release version 2.1.3
Update ngf version to 2.1.4
reorganize N4A changelog docs
This commit updates the F5 WAF for NGINX changelog to add the remaining entries for 2025 and the entries from 2024 where the product diverged into the V4 and V5 labels. As part of migrating the content, feature links are updated to reflect recent documentation restructuring, and package names were combined into singular tables to reflect the new style convention.
Updated the description for XML and JSON content to clarify that profiles detect malformed content and signatures.
feat: templates and app-protect signatures api Co-authored-by: Mike Jang <[email protected]>
* Content from F5 user vrmare in internal repo * Update content/nginx-one/nginx-configs/config-templates/author-templates.md * Update content/nginx-one/nginx-configs/config-templates/import-templates.md * Update content/nginx-one/nginx-configs/config-templates/author-templates.md * Add changelog * Apply suggestions from code review Co-authored-by: Travis Martin <[email protected]> * Apply suggestions from code review --------- Co-authored-by: Travis Martin <[email protected]>
* docs: add config agent features --------- Co-authored-by: Alan Dooley <[email protected]>
Removed 'connection' and 'agent-api' features from launch and environment variable examples. as these don't apply to v3
* docs: Revamp NGINX technical specs summary table * docs: delete RHEL 10 row * Update content/nginx/technical-specs.md Co-authored-by: yar <[email protected]> * Update content/nginx/technical-specs.md Co-authored-by: yar <[email protected]> * Update content/nginx/technical-specs.md Co-authored-by: yar <[email protected]> * Update content/nginx/technical-specs.md Co-authored-by: yar <[email protected]> * update * Update content/nginx/technical-specs.md --------- Co-authored-by: chisomuma <[email protected]> Co-authored-by: Mike Jang <[email protected]> Co-authored-by: yar <[email protected]>
This commit uses the shortcode psuedo-variable pattern to make multiple component versions for F5 WAF for NGINX into strings. This allows for content in multiple locations to be changed at once by updating the file relating to the version. Many of the versions are currently identical: if the individual components all use the same version, then the amount of shortcode files can be reduced accordingly. - Closes #1318 by replacing the string with a shortcode - Closes #1364 by creating shortcode psuedovariables for each item
Co-authored-by: Alan Dooley <[email protected]> Co-authored-by: Mike Jang <[email protected]>
Move from IaaS phrasing, place partner cloud first Co-authored-by: Mike Jang <[email protected]>
The documentation mentions 2 physical server, implying the configuration can only be applied when hardware servers are being used not virtual machines. However below that There are some caveats about using cloud platforms (implying it would be possible to apply this configuration to the cloud as well) "Some cloud platforms don’t allow direct IP management with keepalived. If you’re using a cloud environment, check whether it supports VIP assignment."
* chore: update CODEOWNERS for NGINXaaS for GC
Remove EPP flags
github-actions
bot
added
documentation
✅ Deploy Preview will be available once build job completes!
|
content/nic/configuration/global-configuration/configmap-resource.md
Outdated
Show resolved
Hide resolved
| ### OIDC (OpenID Connect) Timeouts | ||
| For more information on timeouts, see [here](https://github.com/nginxinc/nginx-openid-connect?tab=readme-ov-file#configuring-the-key-value-store) |
There was a problem hiding this comment.
| ### OIDC (OpenID Connect) Timeouts | |
| For more information on timeouts, see [here](https://github.com/nginxinc/nginx-openid-connect?tab=readme-ov-file#configuring-the-key-value-store) | |
| ### OIDC (OpenID Connect) Timeouts | |
| For more information on timeouts, see [here](https://github.com/nginxinc/nginx-openid-connect?tab=readme-ov-file#configuring-the-key-value-store) |
| | *oidc-access-tokens-timeout* | Sets the timeout for access tokens in OIDC. | `1h` | | ||
| | *oidc-refresh-tokens-timeout* | Sets the timeout for refresh tokens in OIDC. | `24h` | | ||
| | *oidc-sids-timeout* | Sets the timeout for session IDs in OIDC. | `24h` | | ||
ADubhlaoich
left a comment
ADubhlaoich
left a comment
There was a problem hiding this comment.
LGTM: edit suggestions for Markdown formatting.
You can discover these formatting issues with our linting tools: I suggest getting used to using them with pre-commit before they are enforced as part of the CI/CD pipeline.
|
🎉 Thank you for your contribution! It appears you have not yet signed the F5 Contributor License Agreement (CLA), which is required for your changes to be incorporated into an F5 Open Source Software (OSS) project. Please kindly read the F5 CLA and reply on a new comment with the following text to agree: I have hereby read the F5 CLA and agree to its terms 31 out of 32 committers have signed the CLA. |
20 participants
Proposed changes
Add OIDC Timeout config options to NIC ConfigMap
code pr:
nginx/kubernetes-ingress#8495
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩