
Json Web Token policy


The Json Web Token policy generates a signed JSON Web Token (JWT) from a configured set of claims and header values.

Configuration

The properties that have to be configured to use the policy are described below.


Figure 1: Json Web Token policy configuration attributes

Property
Description

Algorithm

Specifies the algorithm used to sign the token. HS256, RS256 and ES256 are JWS signature algorithms (RFC 7518): the policy signs the token, it does not encrypt it, so the claims remain readable by anyone who holds the token.

Provide HS256, RS256 or ES256 as the value.

  • For HS256, Secret Key has to be provided.
  • For RS256 and ES256, Key ID has to be provided.


Key ID

The Key ID ("kid") of the key to sign with. It must match the "kid" member of one of the JSON Web Keys supplied to the policy, and that key must be a private key of the type the algorithm needs (an RSA key for RS256, a P-256 EC key for ES256).

The private JSON Web Keys can be provided in any of the following ways:

  1. The Key ID and the other parameters of each key can be grouped into a JWK Set as in the sample below:

    CODE
    {"keys":
      [
        {"kty":"EC",
         "crv":"P-256",
         "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
         "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
         "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
         "use":"sig",
         "kid":"1"},
        {"kty":"RSA",
         "d":"ExPnAojM8yoS7juLVJk-o6qLnnvsMejzCDxKHSkFo2H0Tn962-NSOfC_koHDqih0vWGlUVWvPtabFuUc5_5yrExUQerGCoQBaKfG2V2QU-2eUOC-dJ2RX8vaf8PYGfuJeM1UBTbb713a123ugjkCGwMoZS_bPcXSn3f_vNEVqEJIaA0-ZCZ9hZlmULbhZNBbOqZUW40h6m6t22fNW_nFsow6Pu2w6zoXlochYJNnWu8sjbl2OUKPyDqRE_aF5VEDWmUD5mUmdyKDsMtj0Kjg8mZFxLuEY8UO6Q86R7RexaLCFvuSj6jl4sdQd27h7Ho3bS4MtYzlViUpdGeIXjHhoQ",
         "e":"AQAB",
         "use":"sig",
         "kid":"2011-04-29",
         "alg":"RS256",
         "n":"x7I8Cp-GJvefMI2zN9XvmaowC24Otn082VVEDlt1Uwblujx87ZEdxvXMiEsowx9l2G-nJkVznKLQLnUDcF_zWu9hnByessOv4u-qWGq0inHXn3c-PwzhGoE34Nt7RTVrGYGGqp7wGpGR5m-KP68OG3JW8Sr9p3rifaIrnrhXuAqhXJmoNnAkJNkfB1vA5JFXp0cg9ePBWFN4rR8wI4CEmvO26feaUkTHMFtQLFCYU-OyLcvcbNRLIuBCacvES2uWQ4iclEmlhKBEjLeQox05h974BqmaxBn9V0LO9h4Vbn1w6b1bfrdM28WAXuzbi0YMREardnSmTjPGISjlH2uFJw"}
      ]
    }


    These JSON Web Keys (JWK) have to be placed in the Context Variable named "JsonWebKeys" using the Assign Variables policy. Because each entry carries the private member "d", the value of this variable is a signing secret and must be protected accordingly (not logged, not exposed to other policies or callers).

    For the JWK structure used in the sample above, see RFC 7517: https://tools.ietf.org/html/rfc7517



  2. If the JSON Web Keys have to be fetched from a File Store, a Callout policy can be used.

  3. If the JSON Web Keys are exposed at an HTTPS URL (e.g. https://www.googleapis.com/oauth2/v3/certs), a Service Call Out policy can fetch them and an Assign Variables policy can copy the response into the Context Variable. Note that a public endpoint such as the Google one serves public keys only (no "d" member), which is enough for verifying tokens but not for this signing policy; a URL a signing policy fetches from has to serve the private keys, so it must be a trusted, authenticated, HTTPS-only source.
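Whichever of the three routes supplies the keys, the policy ends up choosing one entry of the set by Key ID. The following is an added example (not Fiorano's code) of that selection with the checks a practitioner would want before signing: it embeds the page's sample JWK Set, confirms the key matching the "kid" has the key type and curve the algorithm needs, is marked for signing and actually contains the private member "d", and strips the private members when the set is to be published for verifiers. The function and constant names (SAMPLE_JWKS, select_signing_key, check_key, public_view) are this example's own.

```python
import base64
import json

# JWK set copied from the page's sample above. The "d" member makes each
# entry a private key, so a real set like this must be stored as a secret.
SAMPLE_JWKS = json.loads(r'''
{"keys": [
  {"kty": "EC", "crv": "P-256",
   "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
   "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
   "d": "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
   "use": "sig", "kid": "1"},
  {"kty": "RSA",
   "d": "ExPnAojM8yoS7juLVJk-o6qLnnvsMejzCDxKHSkFo2H0Tn962-NSOfC_koHDqih0vWGlUVWvPtabFuUc5_5yrExUQerGCoQBaKfG2V2QU-2eUOC-dJ2RX8vaf8PYGfuJeM1UBTbb713a123ugjkCGwMoZS_bPcXSn3f_vNEVqEJIaA0-ZCZ9hZlmULbhZNBbOqZUW40h6m6t22fNW_nFsow6Pu2w6zoXlochYJNnWu8sjbl2OUKPyDqRE_aF5VEDWmUD5mUmdyKDsMtj0Kjg8mZFxLuEY8UO6Q86R7RexaLCFvuSj6jl4sdQd27h7Ho3bS4MtYzlViUpdGeIXjHhoQ",
   "e": "AQAB", "use": "sig", "kid": "2011-04-29", "alg": "RS256",
   "n": "x7I8Cp-GJvefMI2zN9XvmaowC24Otn082VVEDlt1Uwblujx87ZEdxvXMiEsowx9l2G-nJkVznKLQLnUDcF_zWu9hnByessOv4u-qWGq0inHXn3c-PwzhGoE34Nt7RTVrGYGGqp7wGpGR5m-KP68OG3JW8Sr9p3rifaIrnrhXuAqhXJmoNnAkJNkfB1vA5JFXp0cg9ePBWFN4rR8wI4CEmvO26feaUkTHMFtQLFCYU-OyLcvcbNRLIuBCacvES2uWQ4iclEmlhKBEjLeQox05h974BqmaxBn9V0LO9h4Vbn1w6b1bfrdM28WAXuzbi0YMREardnSmTjPGISjlH2uFJw"}
]}
''')

# Key type each policy algorithm needs (RFC 7518 sections 3.3 and 3.4) and the
# JWK members (RFC 7518 sections 6.2 and 6.3) a signing key must carry.
ALG_RULES = {
    "RS256": {"kty": "RSA", "required": ("n", "e", "d")},
    "ES256": {"kty": "EC", "crv": "P-256", "required": ("x", "y", "d"),
              "coord_bytes": 32},
}

# Private members of RSA and EC JWKs (RFC 7518 sections 6.2.2 and 6.3.2).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}


def b64url_decode(s: str) -> bytes:
    """Decode the unpadded base64url used for JWK members."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def select_signing_key(jwks: dict, alg: str, kid: str) -> dict:
    """Return the one private JWK that matches kid and suits alg, else raise ValueError."""
    rules = ALG_RULES.get(alg)
    if rules is None:
        raise ValueError(f"{alg}: only RS256 and ES256 take a Key ID; HS256 uses Secret Key")
    matches = [k for k in jwks.get("keys", []) if k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one key with kid={kid!r}, found {len(matches)}")
    key = matches[0]
    if key.get("kty") != rules["kty"]:
        raise ValueError(f"kid={kid!r} is a {key.get('kty')} key but {alg} needs {rules['kty']}")
    if "crv" in rules and key.get("crv") != rules["crv"]:
        raise ValueError(f"kid={kid!r} is on curve {key.get('crv')} but {alg} needs {rules['crv']}")
    if key.get("use", "sig") != "sig":
        raise ValueError(f"kid={kid!r} has use={key['use']!r}, not a signing key")
    if "alg" in key and key["alg"] != alg:
        raise ValueError(f"kid={kid!r} is restricted to {key['alg']}, not {alg}")
    missing = [m for m in rules["required"] if m not in key]
    if missing:
        raise ValueError(f"kid={kid!r} lacks {missing}; signing needs the private member 'd'")
    if "coord_bytes" in rules:  # P-256 coordinates and scalar are exactly 32 bytes
        for m in ("x", "y", "d"):
            if len(b64url_decode(key[m])) != rules["coord_bytes"]:
                raise ValueError(f"kid={kid!r}: member {m!r} is not {rules['coord_bytes']} bytes")
    return key


def check_key(jwks: dict, alg: str, kid: str):
    """Non-raising wrapper: (key, 'ok') on success, (None, reason) on failure."""
    try:
        return select_signing_key(jwks, alg, kid), "ok"
    except ValueError as exc:
        return None, str(exc)


def public_view(key: dict) -> dict:
    """Copy of a JWK without its private members, safe to publish for verifiers."""
    return {k: v for k, v in key.items() if k not in PRIVATE_MEMBERS}


if __name__ == "__main__":
    for alg, kid in (("ES256", "1"), ("RS256", "2011-04-29"), ("RS256", "1")):
        key, why = check_key(SAMPLE_JWKS, alg, kid)
        print(alg, kid, "->", public_view(key) if key else why)
```

The third call in the `__main__` block deliberately pairs RS256 with the EC key "1" and is rejected; a policy that silently accepted that combination would fail at signing time, or worse, sign with whatever key happened to carry that Key ID. public_view is what belongs behind a certs-style HTTPS endpoint; the set with "d" never leaves the gateway.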

Subject

Subject of the JWT issued.

This property is optional.

Issuer

The "iss" (issuer) claim identifies the entity that issues the JWT.

This property is optional.

Audience

The intended recipient(s) of the token, written as the "aud" claim. Multiple audiences are given as comma-separated strings. A verifier should reject a token whose audience does not name it.

This property is optional.

Time to be expired

When the token expires. It is written as the "exp" claim, after which verifiers must reject the token. Keep lifetimes short: a leaked bearer token stays usable until this time passes.

Message

A free-text message carried in the token payload (the "show" claim in the sample token below).

This property is optional.

Additional Claim

Custom claims to include in the token in addition to the properties above (the "additionalClaim" object in the sample token below).

Secret Key

Where the HS256 symmetric algorithm is chosen, a Secret Key has to be provided. It must be at least 256 bits (32 bytes) long, the minimum RFC 7518 requires for HS256. Every verifier needs the same secret, so anyone able to verify such a token can also mint one; use RS256 or ES256 when verifiers are not fully trusted.

Creating a JWT policy

Generate a token by calling the policy's endpoint, for example with curl or Postman.

Request - curl request to generate a JSON Web Token:

CODE
curl -X GET http://192.168.2.231:2160/GenerateJWT/1.0/

Response - the generated JSON Web Token, presented as a bearer credential when accessing the protected resources:

CODE
jwt-token :ewogICJ0eXBlIiA6ICJKV1QiLAogICJhbGciIDogIkhTMjU2IiwKICAia0lEIiA6ICJ1bmRlZmluZWQiCn0=.ewogICJzdWIiIDogIkpXVHRva2VuIiwKICAiaXNzIiA6ICJ3d3cuZmlvcmFuby5jb20iLAogICJhdWQiIDogInJlY2lwaWVudDEiLAogICJpYXQiIDogIjE1NDI5NzU1MDE2NjMiLAogICJleHAiIDogIjE1NDM1NzU1MDE2NjMiLAogICJzaG93IiA6ICJKV1QgVG9rZW4gZm9yIHNlY3VyaXR5IG9mIHJlc291cmNlcy4iLAogICJhZGRpdGlvbmFsQ2xhaW0iIDogeyB9Cn0=.FChbkHGhQcrnY0/vEQAVFDhwyFcrIwiBTQE/Gomldp0=

The token has the usual header.payload.signature shape. Decoding its first two segments gives the header {"type":"JWT","alg":"HS256","kID":"undefined"} and a payload with "sub", "iss", "aud", "iat", "exp", "show" and "additionalClaim", where "iat" and "exp" are the strings "1542975501663" and "1543575501663" (milliseconds since the epoch). RFC 7515 and RFC 7519 specify unpadded base64url segments, the registered header names "typ" and "kid", and numeric "exp"/"iat" values in seconds; this sample uses padded standard Base64 (note the "/" and "=" characters) and non-registered header names, so check what your verifiers accept before relying on the generated token. The sample endpoint is plain http on a private address; in a real deployment serve it over HTTPS, since the response is a bearer credential.


Figure 2: Sample request via postman
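The following is an added example (not Fiorano's code) that shows both sides of the exchange above with only the Python standard library: it decodes the page's sample token (SAMPLE_TOKEN is copied from the response above; the decoder accepts both base64url and the padded standard Base64 that sample uses), and it mints and verifies an HS256 token the way a verifier for this policy should, pinning the algorithm, comparing the HMAC in constant time and checking "exp" and "aud". The secret, claims and timestamps in the round trip are constructed values, and the helper names are this example's own.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Token returned by the page's sample GenerateJWT call (copied from the page).
SAMPLE_TOKEN = (
    "ewogICJ0eXBlIiA6ICJKV1QiLAogICJhbGciIDogIkhTMjU2IiwKICAia0lEIiA6ICJ1bmRlZmluZWQiCn0="
    ".ewogICJzdWIiIDogIkpXVHRva2VuIiwKICAiaXNzIiA6ICJ3d3cuZmlvcmFuby5jb20iLAogICJhdWQiIDogInJlY2lwaWVudDEiLAogICJpYXQiIDogIjE1NDI5NzU1MDE2NjMiLAogICJleHAiIDogIjE1NDM1NzU1MDE2NjMiLAogICJzaG93IiA6ICJKV1QgVG9rZW4gZm9yIHNlY3VyaXR5IG9mIHJlc291cmNlcy4iLAogICJhZGRpdGlvbmFsQ2xhaW0iIDogeyB9Cn0="
    ".FChbkHGhQcrnY0/vEQAVFDhwyFcrIwiBTQE/Gomldp0="
)


def b64url_encode(raw: bytes) -> str:
    """RFC 7515 base64url: URL-safe alphabet, no padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64_decode_lenient(seg: str) -> bytes:
    """Decode a JWT segment, accepting base64url as well as the padded
    standard Base64 ('+', '/', '=') that the page's sample token uses."""
    seg = seg.replace("-", "+").replace("_", "/")
    return base64.b64decode(seg + "=" * (-len(seg) % 4), validate=True)


def decode_unverified(token: str):
    """Return (header, claims, signature_bytes) WITHOUT checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    return (json.loads(b64_decode_lenient(parts[0])),
            json.loads(b64_decode_lenient(parts[1])),
            b64_decode_lenient(parts[2]))


def sign_hs256(claims: dict, secret: bytes, kid: str = "") -> str:
    """Mint a spec-compliant HS256 token (registered header names, base64url)."""
    if len(secret) < 32:  # RFC 7518 section 3.2: key at least as long as the hash output
        raise ValueError("HS256 secret must be at least 256 bits")
    header = {"typ": "JWT", "alg": "HS256"}
    if kid:
        header["kid"] = kid
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token: str, secret: bytes, audience: str,
                 now: Optional[int] = None) -> dict:
    """Verify algorithm, signature, expiry and audience; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header = json.loads(b64_decode_lenient(parts[0]))
    if header.get("alg") != "HS256":  # never let the token pick (alg=none, RS/HS confusion)
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64_decode_lenient(parts[2])):
        raise ValueError("signature mismatch")
    claims = json.loads(b64_decode_lenient(parts[1]))
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")  # RFC 7519 NumericDate: a number of seconds, not a string
    if not isinstance(exp, (int, float)) or isinstance(exp, bool) or now >= exp:
        raise ValueError("token expired or exp is not a NumericDate")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    return claims


def check(token: str, secret: bytes, audience: str, now: int):
    """Non-raising wrapper: (True, claims) or (False, reason)."""
    try:
        return True, verify_hs256(token, secret, audience, now)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    header, claims, sig = decode_unverified(SAMPLE_TOKEN)
    print("sample header:", header)
    print("sample claims:", claims, "| HMAC length:", len(sig))
    secret = b"example-secret-at-least-32-bytes-long!!"  # constructed, not a real key
    token = sign_hs256({"sub": "alice", "aud": "recipient1", "iat": 1700000000,
                        "exp": 1700000600}, secret, kid="hs-key-1")
    print("round trip:", check(token, secret, "recipient1", now=1700000100))
```

The sample token's secret is not on the page, so only its structure can be inspected, not its signature; decode_unverified exists for that inspection and must never be used to trust a token. verify_hs256 takes the expected algorithm, secret and audience from the verifier's own configuration rather than from the token, which is what closes the alg=none and key-confusion class of JWT bugs.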
