Enabling Authentication by using JWT

From version R2020.10 onwards, JWT Authorization is performed in the microservice layer and is configured through environment variables. Validation occurs internally, which reduces the HTTP hops between IRF and the microservices.

The JWT signature is used to verify that the token was signed by the sender and has not been altered. The signature is created from the Header and Payload segments by using a signing algorithm and a secret or public key.

To enable JWT Authorization, set ms.security.tokencheck.enabled to Y.

Property                     Description
JWT_TOKEN_ISSUER             Identifies the issuer of the authentication token.
JWT_TOKEN_PUBLIC_KEY         Indicates Base64 encoded public key content that can be directly loaded as a public key certificate.
JWT_TOKEN_PRINCIPAL_CLAIM    Indicates the claim in which the user principal is provided.
ID_TOKEN_SIGNED              Enables the JWT signature validation along with the header and payload.

For more information about how to generate the JWT Token, refer to Generating the JWT Token.

Deployment

This section explains how to deploy the WAR file for the Docker, J2EE, AWS, and Azure stacks.

By default, JWT Authorization is disabled in the AWS and Azure stacks.

Docker

To deploy on Docker, set the following JWT configuration properties as environment variables in the API container of ms-party.yml and ms-party-pit.yml.

#--- JWT Configuration ---
ms.security.tokencheck.enabled: 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM: "sub"
JWT_TOKEN_ISSUER: "Fabric"
ID_TOKEN_SIGNED: "true"
JWT_TOKEN_PUBLIC_KEY: "<Base64-encoded public key>"

J2EE

To deploy on J2EE, go to \ms-party-package-j2ee.ear\xxxx.war\WEB-INF\classes\properties\ and set the following JWT configuration properties in api.properties:

#--- JWT Configuration ---
ms.security.tokencheck.enabled= 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "<Base64-encoded public key>"

AWS

To deploy on AWS, set the following JWT configuration properties in install-aws.sh.

#--- JWT Configuration ---
ms_security_tokencheck_enabled='Y'
JWT_TOKEN_PRINCIPAL_CLAIM="sub"
JWT_TOKEN_ISSUER="Fabric"
ID_TOKEN_SIGNED="true"
JWT_TOKEN_PUBLIC_KEY="<Base64-encoded public key>"

Azure

To deploy on Azure, set the following JWT configuration properties in install.sh and install.bat.

#--- JWT Configuration ---
ms_security_tokencheck_enabled='Y'
JWT_TOKEN_PRINCIPAL_CLAIM="sub"
JWT_TOKEN_ISSUER="Fabric"
ID_TOKEN_SIGNED="true"
JWT_TOKEN_PUBLIC_KEY="<Base64-encoded public key>"
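
The following Python example is added here and is not part of the product or its documentation: it checks a set of the JWT properties described above before deployment, and pre-screens a token's header and claims against them. The function names are hypothetical, and it assumes the public key value is Base64 over a DER structure; it does not verify the signature, which remains the microservice's job.

```python
import base64
import json

def check_jwt_config(cfg):
    """Return the problems found in the JWT properties (empty list = OK)."""
    problems = []
    # Docker/J2EE use the dotted name; the AWS/Azure scripts use underscores.
    enabled = cfg.get("ms.security.tokencheck.enabled",
                      cfg.get("ms_security_tokencheck_enabled", ""))
    if enabled != "Y":
        problems.append("token check is not enabled")
    for name in ("JWT_TOKEN_ISSUER", "JWT_TOKEN_PRINCIPAL_CLAIM"):
        if not cfg.get(name, "").strip():
            problems.append(name + " is empty or missing")
    if cfg.get("ID_TOKEN_SIGNED", "").lower() != "true":
        problems.append("ID_TOKEN_SIGNED is not true")
    try:
        der = base64.b64decode(cfg.get("JWT_TOKEN_PUBLIC_KEY", ""), validate=True)
        # Assumption: the value is Base64 of a DER structure (SEQUENCE, 0x30).
        if der[:1] != b"\x30":
            problems.append("JWT_TOKEN_PUBLIC_KEY does not decode to DER")
    except ValueError:
        problems.append("JWT_TOKEN_PUBLIC_KEY is not valid Base64")
    return problems

def _segment(seg):
    # JWT segments are unpadded base64url-encoded JSON objects.
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_token_claims(token, cfg):
    """Check header and claims only; this does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token does not have three segments"]
    try:
        header, payload = _segment(parts[0]), _segment(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none" or not parts[2]:
        problems.append("token is unsigned")
    if payload.get("iss") != cfg.get("JWT_TOKEN_ISSUER"):
        problems.append("iss does not match JWT_TOKEN_ISSUER")
    if not payload.get(cfg.get("JWT_TOKEN_PRINCIPAL_CLAIM", "")):
        problems.append("principal claim is missing")
    return problems
```

Pass the properties as a dictionary of strings, for example read from the container environment or from api.properties with the surrounding quotes stripped.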
