Enabling Authentication using JWT-IRIS
This section describes how to enable authentication using JWT-IRIS.
Deployment Artefacts
The Arrangement microservice API bundled with IRF is available as a web archive (WAR): ms-arrangement-api.war.
Configuring JWT
Procedure
- Set the claims to be extracted from the JWT payload and the token validation parameters in spring-jwt-iris-authenticator.xml, located in \WEB-INF\classes\.
- Comment out the iss bean in claimValidator.
Token Validation Parameters

    <!-- Validations -->
    <!-- Default claims validated are "exp", "iss", "iat" -->
    <beans:bean id="claim" class="com.temenos.security.oidc.token.validator.ClaimValidator">
        <beans:property name="claims">
            <beans:list>
                <beans:ref bean="exp" />
                <!-- <beans:ref bean="iss" />-->
                <beans:ref bean="iat" />
            </beans:list>
        </beans:property>
    </beans:bean>

- Remove the value of issuer.

Token Validation Parameters

    <!-- OIDC provider Server -->
    <beans:bean id="oidcProviderServer" class="com.temenos.security.oidc.common.OidcProviderServer">
        <beans:property name="issuer" value="" />
        <beans:property name="pkEncoded" value="" />
        <beans:property name="pkCertEncoded" value="" />
        <beans:property name="pkCertFilePath" value="" />
        <beans:property name="pkJwksUri" value="" />
        <beans:property name="decryptingJwkEncoded" value="" />
        <beans:property name="principalClaim" value="sub" />
    </beans:bean>
    <!-- End OIDC provider Server -->

- Set the list of claims to be extracted from the JWT as below, if required.

Claims

    <!-- List of claims that need to be extracted from the token and set into request headers for further processing, e.g. TPPId, Consent_id, etc. -->
    <beans:bean id="requiredFields" class="com.temenos.irf.web.security.jwt.parser.RequiredFieldsExtractor">
        <beans:property name="claimsToExtract">
            <beans:map>
                <beans:entry key="roleId" value="" />
                <beans:entry key="iss" value="" />
                <beans:entry key="aud" value="" />
            </beans:map>
        </beans:property>
    </beans:bean>
    <!-- End Claims Extraction -->
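To check what the claim list configured above still enforces once the iss reference is commented out, the following added example (Python, not Temenos code and not part of the original page) models the exp, iat and optional iss checks together with the roleId, iss and aud extraction, using constructed payloads. The exact semantics of each check and the treatment of the claimsToExtract keys as claim names are assumptions; signature verification against the configured key is a separate step and is not modelled.

```python
import base64
import json
import time

NOW = 1_700_000_000  # fixed clock for the constructed samples below

def make_token(payload):
    """Build a constructed sample token; the signature segment is a placeholder."""
    enc = [base64.urlsafe_b64encode(json.dumps(part).encode()).rstrip(b"=").decode()
           for part in ({"alg": "RS256", "typ": "JWT"}, payload)]
    return ".".join(enc + ["c2ln"])

def decode_payload(token):
    """Decode the payload segment only; signature verification is a separate step."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def validate_claims(payload, enabled, issuer="", now=None):
    """Return the enabled claims that fail validation; an empty list means accepted."""
    now = time.time() if now is None else now
    checks = {  # assumed semantics for each claim check
        "exp": lambda v: isinstance(v, (int, float)) and now < v,   # not expired
        "iat": lambda v: isinstance(v, (int, float)) and v <= now,  # not issued in the future
        "iss": lambda v: bool(issuer) and v == issuer,              # matches configured issuer
    }
    return [name for name in enabled if not checks[name](payload.get(name))]

def extract_claims(payload, claims_to_extract=("roleId", "iss", "aud")):
    """Return the configured claims present in the payload (forwarded as request headers)."""
    return {name: payload[name] for name in claims_to_extract if name in payload}

# Constructed sample payloads; issuer URLs, audience and roleId are placeholder values.
SAMPLE = {"iss": "https://idp.example", "aud": "ms-arrangement", "roleId": "teller",
          "iat": NOW - 10, "exp": NOW + 300}
OTHER_ISSUER = dict(SAMPLE, iss="https://other.example")
EXPIRED = dict(SAMPLE, exp=NOW - 1)

if __name__ == "__main__":
    for label, sample in (("sample", SAMPLE), ("other issuer", OTHER_ISSUER), ("expired", EXPIRED)):
        claims = decode_payload(make_token(sample))
        print(label,
              "| exp+iat:", validate_claims(claims, ("exp", "iat"), now=NOW),
              "| exp+iss+iat:", validate_claims(claims, ("exp", "iss", "iat"), "https://idp.example", NOW),
              "| extracted:", extract_claims(claims))
```

With only exp and iat enabled, the token from the other issuer passes claim validation, so in this configuration the signing key settings are the only control tying a token to a particular provider.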