Child pages
  • JWT RSA authentication to Grouper Web Service from trusted authority
Skip to end of metadata
Go to start of metadata

In v2.6.? we will add JWT RSA authn to WS from trusted authorities.


Grouper would have configurations for JWT trusted authorities in

grouper.jwt.trusted.configId.numberOfKeys = 1

# encrypted public key of trusted authority
grouper.jwt.trusted.configId.key.0.publicKey = abc123

# RS-256, RS-384, RS-512
grouper.jwt.trusted.configId.key.0.encryptionType = 

# optional: yyyy-mm-dd hh:mm:ss.SSS
grouper.jwt.trusted.configId.key.0.expiresOn = 2021-11-01 00:00:00.000

# JWTs only last for so long.  e.g. 600 is 10 minutes.  -1 means never expire (not recommended)
grouper.jwt.trusted.configId.expirationSeconds = -1

# optional, could be in claim as "subjectSourceId", e.g. myPeople
grouper.jwt.trusted.configId.subjectSourceIds = 

# subjectId, subjectIdentifier, or subjectIdOrIdentifier (optional)
grouper.jwt.trusted.configId.subjectIdType = 

# some claim name that has the subjectId in it.  optional, can just label claim name as "subjectId", "subjectIdentifier", or "subjectIdOrIdentifier".  e.g. employeeId
grouper.jwt.trusted.configId.subjectIdClaimName = subjectId

Make a web service call

Authorization: Bearer jwtTrusted_configId_abc123def456

Grouper will verify that the JWT is signed by a private key from that config id and the WEB will authenticate as the user in the token

  • No labels