HID RMS Proxy Configuration Example
This section provides an example (using NGINX) of the proxy configuration required for HID RMS.
- Install NGINX (as described in the repository documentation).
- Configure the NGINX proxy SSL certificate by generating the SSL certificate keys:
  - Copy the nginx.cnf file to /opt/nginx and open it for editing, adding your corresponding values:
[ req ]
prompt = no
# distinguished_name must be the name of the DN section defined below
distinguished_name = nginx_dn
default_md = sha256
[ nginx_dn ]
organizationalUnitName = <OU>
organizationName = <ORG>
commonName = myrmsproxy
[ nginx_ssl_exts ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
keyUsage = critical, keyEncipherment, digitalSignature
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:true
  - Run the following commands to create the keys:
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -extensions 'nginx_ssl_exts' -config /opt/nginx/nginx.cnf
- Configure the proxy property files to define the redirect URLs:
  - Open the /etc/nginx/nginx.conf file for editing, adding your corresponding values:
#SSL
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
#redirection
server {
    listen 443 ssl;
    server_name localhost;
    # Redirect URL to RMS (to retrieve the JavaScript)
    location /public/scripts/ib.js {
        proxy_pass https://<HIDRMSServerhost:port>/application/ib/get-js;
    }
    # Redirect URL to RMS (for probe requests)
    location /auth/ib-session {
        proxy_pass https://<HIDRMSServerhost:port>/application/ib/probe-request;
    }
    # Redirection to the banking application (i.e. RMS Demo Portal Sample)
    location /RMSDemoPortal/ {
        proxy_pass https://<RelyingPartyApplicationServerIP:port>/RMSDemoPortal/;
    }
}
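
The nginx.conf above proxies to https:// upstreams, and NGINX does not check an upstream's certificate unless proxy_ssl_verify is enabled. The variant below is an added example, not part of the HID documentation: it keeps the same three routes and turns on upstream verification, and the CA bundle path and the <RelyingPartyHostname> placeholder are assumptions.

```nginx
# Added example (not HID's published configuration).
# Assumption: /etc/nginx/ssl/upstream-ca.pem is a hypothetical path to the CA
# bundle that issued the RMS and relying-party server certificates.

# SSL (listener side, same files as generated above)
ssl_certificate     /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_dhparam         /etc/nginx/ssl/dhparam.pem;
ssl_protocols       TLSv1.2 TLSv1.3;    # refuse legacy protocol versions

# Upstream side. proxy_ssl_verify defaults to off, which means the hop to
# RMS is encrypted but any certificate the upstream presents is accepted.
proxy_ssl_verify              on;
proxy_ssl_verify_depth        2;
proxy_ssl_trusted_certificate /etc/nginx/ssl/upstream-ca.pem;
proxy_ssl_server_name         on;       # send SNI to the upstream
proxy_ssl_protocols           TLSv1.2 TLSv1.3;

server {
    listen 443 ssl;
    server_name localhost;

    # Redirect URL to RMS (to retrieve the JavaScript)
    location /public/scripts/ib.js {
        proxy_pass https://<HIDRMSServerhost:port>/application/ib/get-js;
    }

    # Redirect URL to RMS (for probe requests)
    location /auth/ib-session {
        proxy_pass https://<HIDRMSServerhost:port>/application/ib/probe-request;
    }

    # Redirection to the banking application
    location /RMSDemoPortal/ {
        proxy_pass https://<RelyingPartyApplicationServerIP:port>/RMSDemoPortal/;
        # The upstream is addressed by IP, so the name checked against its
        # certificate must be set explicitly (placeholder, an assumption),
        # unless the certificate carries the IP address as a SAN.
        proxy_ssl_name <RelyingPartyHostname>;
    }
}
```

After replacing the placeholders, `nginx -t` checks the syntax before the configuration is reloaded.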