Authentication using MS - JWT
This section describes how to enable authentication for Docker, Azure, AWS, and K8 by using MS - JWT.
The JWT signature is used to verify that the token was signed by the sender and has not been altered in any way. The signature is created using the Header and Payload segments, a signing algorithm, and a secret or public key.
To enable JWT authorisation, set ms.security.tokencheck.enabled to Y in the ENV.env file. The table below describes the JWT authentication properties.
| Properties | Description |
|---|---|
| JWT_TOKEN_ISSUER | Identifies the issuer of the authentication token. |
| JWT_TOKEN_PUBLIC_KEY | Indicates Base64 encoded public key content that can be directly loaded as a public key certificate. |
| JWT_TOKEN_PRINCIPAL_CLAIM | Indicates the claim in which the user principal is provided. |
| ID_TOKEN_SIGNED | Enables the JWT signature validation along with the header and payload. |
NOTE: JWT Authorization is disabled by default in the Azure/AWS/K8 stack.
Enabling Authentication for Docker
Set the following JWT configuration properties as environment variables in the API container of ms-duediligence-mongo.yml / ms-duediligence-postgresql.yml. These entries in turn refer to the ENV.env file for the values of the respective JWT configuration properties.
#--- JWT Configuration ---
ms.security.tokencheck.enabled: ${ms_security_tokencheck_enabled}
JWT_TOKEN_PRINCIPAL_CLAIM: ${JWT_TOKEN_PRINCIPAL_CLAIM}
JWT_TOKEN_ISSUER: ${JWT_TOKEN_ISSUER}
ID_TOKEN_SIGNED: ${ID_TOKEN_SIGNED}
JWT_TOKEN_PUBLIC_KEY: ${JWT_TOKEN_PUBLIC_KEY}
#JWT configurations
ms_security_tokencheck_enabled=Y
JWT_TOKEN_PRINCIPAL_CLAIM=sub
JWT_TOKEN_ISSUER=Fabric
ID_TOKEN_SIGNED=true
JWT_TOKEN_PUBLIC_KEY=<Base64-encoded public key>
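A pre-deployment check for the ENV.env settings above, as an added example (not part of the product or its documentation): it confirms that the token check and signature validation are switched on and that JWT_TOKEN_PUBLIC_KEY decodes to key material. It assumes the key is one or two Base64 layers over an ASN.1 DER structure; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii

REQUIRED = ("ms_security_tokencheck_enabled", "JWT_TOKEN_PRINCIPAL_CLAIM",
            "JWT_TOKEN_ISSUER", "ID_TOKEN_SIGNED", "JWT_TOKEN_PUBLIC_KEY")

def parse_env(text):
    """Parse KEY=VALUE lines; skip # comments, strip spaces and quotes."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, v in pairs}

def is_der_sequence(data):
    """True if data is exactly one ASN.1 SEQUENCE with a consistent length."""
    if len(data) < 2 or data[0] != 0x30 or data[1] == 0x80:
        return False
    n = data[1] & 0x7F if data[1] > 0x80 else 0   # long form: n length octets
    length = int.from_bytes(data[2:2 + n], "big") if n else data[1]
    return len(data) == 2 + n + length

def key_decodes(value):
    """Peel up to two Base64 layers and look for a DER SEQUENCE (assumed layout)."""
    data = value.encode()
    for _ in range(2):
        try:
            data = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError):
            return False
        if is_der_sequence(data):
            return True
    return False

def audit(text):
    """Return findings; an empty list means the JWT settings pass."""
    env = parse_env(text)
    findings = [f"{k} is missing or empty" for k in REQUIRED if not env.get(k)]
    if env.get("ms_security_tokencheck_enabled", "Y") != "Y":
        findings.append("token check is not enabled (expected Y)")
    if env.get("ID_TOKEN_SIGNED", "true").lower() != "true":
        findings.append("ID_TOKEN_SIGNED is not true: signature validation is off")
    key = env.get("JWT_TOKEN_PUBLIC_KEY")
    if key and not key_decodes(key):
        findings.append("JWT_TOKEN_PUBLIC_KEY does not decode to a DER structure")
    return findings

# Constructed sample: a 5-byte DER SEQUENCE stands in for a real public key.
SAMPLE_KEY = base64.b64encode(base64.b64encode(bytes.fromhex("3003020105"))).decode()
SAMPLE_ENV = ("#JWT configurations\nms_security_tokencheck_enabled=Y\n"
              "JWT_TOKEN_PRINCIPAL_CLAIM=sub\nJWT_TOKEN_ISSUER=Fabric\n"
              f"ID_TOKEN_SIGNED=true\nJWT_TOKEN_PUBLIC_KEY={SAMPLE_KEY}\n")
```

Call `audit()` on the text of the ENV.env file before deployment; the parser also accepts the quoted `KEY = "value"` form used in the install scripts.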
Enabling Authentication for Azure
For Azure deployment, set the following JWT configuration properties in both install.sh/install-postgresql.sh and install.bat/install-postgresql.bat.
#---JWT Configuration---
ms_security_tokencheck_enabled = 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM = "sub"
JWT_TOKEN_ISSUER = "Fabric"
ID_TOKEN_SIGNED = "true"
JWT_TOKEN_PUBLIC_KEY= "TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFzYjJubnNMMzkycjNpd1JmYUdaUzFsVXRkYitFeXZ2OUZmZlhNR2NSNHJmTm5ITHkvRUlHbFFvNWh0NUNwUG91ODYwZkhnREpHZHk1ckVKWEJXVVdEUGI5OGkxMitQMkJGY1FyVnhmM3BWODM0ME10U0NEY3RwYmY2R2x3SkZZRHBjSVZSYWttWWpva0R2VEljanAxWnd2MHQvV2k5SjhHeERXWWhpNmhyd3VGY0c5SUdBSEJQWk8vY2dMR2pmYW9oYUY5OFhFOUtYTGMvV0NxQ1QycUIraEZjeWNlQTVMWU4vdURkRnZHbW5DOHUycWRIWDRoRW96bU8wTmpUaFBhRndiSm9NSXhENEtQa1VGN0Q1VXRkSWRYNUdIcXFOd1RSWnU4S0NEWWJUT1RvN2s3a2syeTB6SytkMllXQWdhWWw4djRTeEtCbVZzMVliZGRwUk1TVFFJREFRQUI="
Enabling Authentication for AWS
For AWS deployment, set the following JWT configuration properties in install-aws.sh and install-aws-postgresql.sh.
#--- JWT Configuration ---
ms_security_tokencheck_enabled= 'Y'
JWT_TOKEN_PRINCIPAL_CLAIM= "sub"
JWT_TOKEN_ISSUER= "Fabric"
ID_TOKEN_SIGNED= "true"
JWT_TOKEN_PUBLIC_KEY= "<Base64-encoded public key>"
Enabling Authentication for K8
For K8, navigate to \duediligence\ms-duediligence-package\ms-duediligence-package-docker\src\docker\k8\on-premise\svc\templates\svc\ and configure the following JWT configurations in duediligence-configmap.yaml.
#--- JWT configurations ---
ms.security.tokencheck.enabled: {{ .Values.jwtauth.enabled | quote }}
JWT_TOKEN_PRINCIPAL_CLAIM: {{ .Values.jwtauth.JWT_TOKEN_PRINCIPAL_CLAIM | quote }}
JWT_TOKEN_ISSUER: {{ .Values.jwtauth.JWT_TOKEN_ISSUER | quote }}
ID_TOKEN_SIGNED: {{ .Values.jwtauth.ID_TOKEN_SIGNED | quote }}
JWT_TOKEN_PUBLIC_KEY: {{ .Values.jwtauth.JWT_TOKEN_PUBLIC_KEY | quote }}
#--- JWT configurations ---
enabled: Y
JWT_TOKEN_PRINCIPAL_CLAIM: sub
JWT_TOKEN_ISSUER: Fabric
ID_TOKEN_SIGNED: true
JWT_TOKEN_PUBLIC_KEY: <Base64-encoded public key>