In v2.6.? we will add JWT RSA authentication (authn) to web services (WS) from trusted authorities.


Grouper would have configurations for JWT trusted authorities in

grouper.jwt.trusted.configId.numberOfKeys = 1

# encrypted public key of trusted authority
grouper.jwt.trusted.configId.key.0.publicKey = abc123

# RS-256, RS-384, RS-512
grouper.jwt.trusted.configId.key.0.encryptionType = 

# optional: yyyy-mm-dd hh:mm:ss.SSS
grouper.jwt.trusted.configId.key.0.expiresOn = 2021-11-01 00:00:00.000

# JWTs only last for so long, e.g. 600 is 10 minutes. -1 means never expire (not recommended)
grouper.jwt.trusted.configId.expirationSeconds = -1

# optional, could be in claim as "subjectSourceId", e.g. myPeople
grouper.jwt.trusted.configId.subjectSourceIds = 

# subjectId, subjectIdentifier, or subjectIdOrIdentifier (optional)
grouper.jwt.trusted.configId.subjectIdType = 

# optional: name of the claim that holds the subject id, e.g. employeeId. If omitted, the claim can just be named "subjectId", "subjectIdentifier", or "subjectIdOrIdentifier"
grouper.jwt.trusted.configId.subjectIdClaimName = subjectId

Make a web service call with the token in the Authorization header:

Authorization: Bearer jwtTrusted_configId_abc123def456

Grouper will verify that the JWT is signed by the private key matching a public key configured for that config id, and the WS will authenticate as the subject in the token.
