Microservices
Updated On 03 September 2024 | Min(s) read

Enabling Authentication by using JWT - MS

JWT signature is used to verify that the token is signed by the sender and not altered. The signature is created by using the Header and Payload segments, a signing algorithm, and a secret or public key.

To enable JWT Authorization set ms.security.tokencheck.enabled as Y.

Properties Description
JWT_TOKEN_ISSUER Identifies the issuer of the authentication token.
JWT_TOKEN_PUBLIC_KEY Indicates Base64 encoded public key content that can be directly loaded as a public key certificate.
JWT_TOKEN_PRINCIPAL_CLAIM Indicates the claim in which the user principal is provided.
ID_TOKEN_SIGNED Enables the JWT signature validation along with the header and payload.

Deployment

This section explains you about how to deploy the WAR file for the following stacks:

The JWT Authorization is disabled in AWS, Azure, and K8 stacks by default.

AWS

To deploy AWS, set the following JWT configuration properties as Environment Variable in API container of both in install-aws.sh and install-aws-postgresql.sh. 

#--- JWT Configuration ---
ms_security_tokencheck_enabled= 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI="

Azure

To deploy Azure, set the following JWT configuration properties as Environment Variable in API container of both in install.sh/install-postgresql.sh and install.bat/install-postgresql.bat.. 

#--- JWT Configuration ---
ms_security_tokencheck_enabled= 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI="

K8

To deploy in K8, go to \ms-party-package\ms-party-package-docker\src\docker\k8\on-premise\svc\templates\svc\ and configure the following JWT configurations in party-configmap.yaml.

#--- JWT configurations ---
ms.security.tokencheck.enabled: {{ .Values.jwtauth.enabled | quote }}
JWT_TOKEN_PRINCIPAL_CLAIM: {{ .Values.jwtauth.JWT_TOKEN_PRINCIPAL_CLAIM | quote }}
JWT_TOKEN_ISSUER: {{ .Values.jwtauth.JWT_TOKEN_ISSUER | quote }}
ID_TOKEN_SIGNED: {{ .Values.jwtauth.ID_TOKEN_SIGNED | quote }}
JWT_TOKEN_PUBLIC_KEY: {{ .Values.jwtauth.JWT_TOKEN_PUBLIC_KEY | quote }}


SET jwtauth_enabled=Y
SET JWT_TOKEN_PRINCIPAL_CLAIM=sub
SET JWT_TOKEN_ISSUER=Fabric
SET ID_TOKEN_SIGNED=true
SET JWT_TOKEN_PUBLIC_KEY=TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI=

If value for a property has not been set in start scripts, then the respective JWT configuration properties's values will be taken from values.yaml.

#--- JWT configurations ---
enabled: Y
JWT_TOKEN_PRINCIPAL_CLAIM: sub
JWT_TOKEN_ISSUER: Fabric
ID_TOKEN_SIGNED: true
JWT_TOKEN_PUBLIC_KEY: TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI=

Copyright © 2020- Temenos Headquarters SA

Contact Us

knowledge@temenos.com

Published on :
Tuesday, September 2, 2025 12:39:03 PM IST