JWT Authentication using MS Framework

JWT Authentication for the Campaign Microservices with the release version 202007 and before, uses the JWT Authentication in the IRIS. Hence, follow JWT authentication using IRIS for configuring the deployment artefacts (web archives).

From 202010, JWT Authentication is performed in the Microservice layer using the environment variable configuration. The validation happens in-house and reduces any http hop between IRF and Microservices.

Configuration Setup

JWT signature is used to verify that the token is signed by the sender and not altered in any way. The signature is created using the header and payload segments, a signing algorithm, and a secret or public key.

To enable JWT Authentication, ms.security.tokencheck.enabled must be set as Y.

In addition, the following properties must be set as environment variables. 

JWT Configuration Properties	Description
JWT_TOKEN_ISSUER	Identifies the issuer of the authentication token.
JWT_TOKEN_PUBLIC_KEY	Indicates Base64 encoded public key content that can be directly loaded as a public key certificate.
JWT_TOKEN_PRINCIPAL_CLAIM	Indicates the claim in which the user principal is provided.
ID_TOKEN_SIGNED	Enables the JWT signature validation along with the header and payload

Set the JWT configuration properties as environment variables in API properties for J2EE, and install scripts for Azure and AWS.

JWT Authentication is enabled in J2EE stacks, by default and can be enabled in AWS and Azure stacks as required.

J2EE

In the J2EE WAR deployment, go to \ms-campaign-package-j2ee.ear\xxxx.war\WEB-INF\classes\properties\ and configure the following JWT configurations in api.properties.

#--- JWT Configuration ---
ms.security.tokencheck.enabled=N
JWT_TOKEN_PRINCIPAL_CLAIM=sub
JWT_TOKEN_ISSUER=Fabric
ID_TOKEN_SIGNED=true
JWT_TOKEN_PUBLIC_KEY=TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI=

Azure

To deploy Azure, set the following JWT configuration properties in install.sh/ install.bat.

#--- JWT Configuration ---
ms_security_tokencheck_enabled= "N"
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI="

AWS

To deploy AWS, set the following JWT configuration properties in install-aws.sh.

#--- JWT Configuration ---
ms_security_tokencheck_enabled= "N"
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI="