JWT Configuration
JWT signature is used to verify that the token is signed by the sender and not altered in any way. The signature is created using the Header and Payload segments, a signing algorithm, and a secret or public key. To enable JWT Authorization, ms.security.tokencheck.enabled should be set as Y. In addition, the following properties should also be set as environment variables:
| Property | Description |
|---|---|
| JWT_TOKEN_ISSUER | Identifies the issuer of the authentication token. |
| JWT_TOKEN_PUBLIC_KEY | Indicates Base64 encoded public key content that can be directly loaded as a public key certificate. |
| JWT_TOKEN_PRINCIPAL_CLAIM | Indicates the claim in which the user principal is provided. |
|
ID_TOKEN_SIGNED |
Enables the JWT signature validation along with the header and payload. |
Docker
For Docker deployment, set the below mentioned JWT configuration properties as Environment Variables in API container of both accountaggregation.yml.
ms.security.tokencheck.enabled: N JWT_TOKEN_PRINCIPAL_CLAIM: FABRICUSER JWT_TOKEN_ISSUER: Fabric ID_TOKEN_SIGNED: "true" JWT_TOKEN_PUBLIC_KEY: "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI"
Custom Claims
Apart from the above properties, one can set custom claims as shown below:
JWT_TOKEN_CUSTOM_CLAIMS : key1:val1,key2:val2
J2EE
In all the J2EE war deployment, navigate to the path(\ms-accountaggregation-package-j2ee.ear\xxxx.war\WEB-INF\classes\properties\) and configure the below JWT configurations in api.properties.
ms.security.tokencheck.enabled=Y JWT_TOKEN_PRINCIPAL_CLAIM=FABRICUSER JWT_TOKEN_ISSUER=Fabric ID_TOKEN_SIGNED=false JWT_TOKEN_PUBLIC_KEY=TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI=
Custom Claims
Apart from the above properties, one can set custom claims as shown below:
JWT_TOKEN_CUSTOM_CLAIMS : key1:val1,key2:val2
Azure
Set the below mentioned JWT authentication and XACML configuration properties as Environment Variables in the install scripts:
ms_security_tokencheck_enabled="Y" JWT_TOKEN_PRINCIPAL_CLAIM="FABRICUSER" JWT_TOKEN_ISSUER="Fabric" ID_TOKEN_SIGNED="true" JWT_TOKEN_PUBLIC_KEY="TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI"
Custom Claims
Apart from the above properties, one can set custom claims as shown below:
JWT_TOKEN_CUSTOM_CLAIMS : key1:val1,key2:val2
AWS
Set the below mentioned JWT authentication properties as Environment Variables in the install scripts:
ms_security_tokencheck_enabled=Y JWT_TOKEN_PRINCIPAL_CLAIM=FABRICUSER JWT_TOKEN_ISSUER=Fabric ID_TOKEN_SIGNED="true" JWT_TOKEN_PUBLIC_KEY="TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI"
Custom Claims
Apart from the above properties, one can set custom claims as shown below:
JWT_TOKEN_CUSTOM_CLAIMS : key1:val1,key2:val2
K8
Set the below mentioned JWT authentication properties as Environment Variables in accountaggregation-api-config.yml:
ms_security_tokencheck_enabled:"N" JWT_TOKEN_PRINCIPAL_CLAIM:FABRICUSER JWT_TOKEN_ISSUER:Fabric ID_TOKEN_SIGNED:"true" JWT_TOKEN_PUBLIC_KEY:"TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI"
Custom Claims
Apart from the above properties, one can set custom claims as shown below:
JWT_TOKEN_CUSTOM_CLAIMS : key1:val1,key2:val2
In this topic