Json Web Token policy
Contents
Json Web Token policy generates a signed JSON Web token with a provided set of claims and header.
Configuration
The properties that have to be configured to use the policy are described below.
Figure 1: Json Web Token policy configuration attributes
Property | Description |
Algorithm | Specifies the encryption/signed algorithm to encrypt/sign. Provide HS256 or RS256 or ES256 as input to be used to generate a token.
|
Key ID | The Key ID value corresponding to the algorithm chosen, as provided in the JSON web keys. The JSON Private Keys can be provided in the following ways:
|
Subject | Subject of the JWT issued. This property is optional. |
Issuer | The "iss" (issuer) claim identifies the entity that issues the JWT. This property is optional. |
Audience | Recipient value. The audience value is comprised of comma separated strings. This property is optional. |
Time to be expired | The time the token has to be expired. |
Message | The message that needs to be displayed. This property is optional. |
Additional Claim | To provide custom claims other than the above properties. |
Secret Key | Where HS256 symmetric algorithm is chosen, Secret Key has to be provided. The minimum length of the string has to be 256 bit. |
Creating a JWT policy
Generate token using postman.
Request - CURL request to generate Json Web Token:
curl -X GET \ http://192.168.2.231:2160/GenerateJWT/1.0/
Response - Generates json web token to access the resources.
jwt-token :ewogICJ0eXBlIiA6ICJKV1QiLAogICJhbGciIDogIkhTMjU2IiwKICAia0lEIiA6ICJ1bmRlZmluZWQiCn0=.ewogICJzdWIiIDogIkpXVHRva2VuIiwKICAiaXNzIiA6ICJ3d3cuZmlvcmFuby5jb20iLAogICJhdWQiIDogInJlY2lwaWVudDEiLAogICJpYXQiIDogIjE1NDI5NzU1MDE2NjMiLAogICJleHAiIDogIjE1NDM1NzU1MDE2NjMiLAogICJzaG93IiA6ICJKV1QgVG9rZW4gZm9yIHNlY3VyaXR5IG9mIHJlc291cmNlcy4iLAogICJhZGRpdGlvbmFsQ2xhaW0iIDogeyB9Cn0=.FChbkHGhQcrnY0/vEQAVFDhwyFcrIwiBTQE/Gomldp0=
Figure 2: Sample request via postman