In v2.6.? we will add JWT RSA authn to WS from trusted authorities.
Grouper would have configurations for JWT trusted authorities in grouper.properties:

    grouper.jwt.trusted.configId.numberOfKeys = 1
    # encrypted public key of trusted authority
    grouper.jwt.trusted.configId.key.0.publicKey = abc123
    # RS-256, RS-384, RS-512
    grouper.jwt.trusted.configId.key.0.encryptionType =
    # optional: yyyy-mm-dd hh:mm:ss.SSS
    grouper.jwt.trusted.configId.key.0.expiresOn = 2021-11-01 00:00:00.000
    # JWTs only last for so long. e.g. 600 is 10 minutes. -1 means never expire (not recommended)
    grouper.jwt.trusted.configId.expirationSeconds = -1
    # optional, could be in claim as "subjectSourceId", e.g. myPeople
    grouper.jwt.trusted.configId.subjectSourceIds =
    # subjectId, subjectIdentifier, or subjectIdOrIdentifier (optional)
    grouper.jwt.trusted.configId.subjectIdType =
    # some claim name that has the subjectId in it. optional, can just label claim name as "subjectId", "subjectIdentifier", or "subjectIdOrIdentifier". e.g. employeeId
    grouper.jwt.trusted.configId.subjectIdClaimName = subjectId
Make a web service call with this header:
Authorization: Bearer jwtTrusted_configId_abc123def456
Grouper will verify that the JWT was signed by the private key matching a public key configured for that config id, and the web service will authenticate as the user in the token.
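The Python below is an added example, not Grouper's code: it walks the checks described above for the RS-256 case, from splitting the `jwtTrusted_configId_` prefix through signature, age and subject claim. Assumptions: the function names and config dict shape are hypothetical, the public key is held as an `(n, e)` integer pair, token age is measured from an `iat` claim, and the key pair is a throwaway generated in-process so the example runs offline with the standard library only.

```python
import base64, hashlib, json, secrets, time

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2
def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_pkcs1(message, k):  # EMSA-PKCS1-v1_5 over SHA-256 for a k-byte modulus
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def demo_keypair(bits=1024):  # constructed throwaway key, demo only: returns (n, e, d)
    def prime():
        while True:
            p = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7)):
                return p
    while True:
        p, q = prime(), prime()
        if p != q and (p - 1) % 65537 and (q - 1) % 65537:
            return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))

def sign_rs256(claims, n, d, alg="RS256"):  # the trusted authority's side
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(b64u(json.dumps(p).encode()) for p in parts)
    k = (n.bit_length() + 7) // 8
    sig = pow(encode_pkcs1(signing_input.encode(), k), d, n)
    return signing_input + "." + b64u(sig.to_bytes(k, "big"))

def authenticate(header, configs, now=None):  # returns the subject id or raises
    scheme, _, credential = header.partition(" ")
    kind, _, rest = credential.partition("_")
    config_id, _, jwt = rest.partition("_")  # split on the first two "_" only
    cfg = configs.get(config_id)
    if scheme != "Bearer" or kind != "jwtTrusted" or cfg is None:
        raise ValueError("not a jwtTrusted credential for a known config id")
    head, payload, sig = jwt.split(".")
    if json.loads(unb64u(head)).get("alg") != "RS256":  # pinned, not taken from the token
        raise ValueError("unexpected algorithm")
    n, e = cfg["publicKey"]
    s = int.from_bytes(unb64u(sig), "big")
    expected = encode_pkcs1(f"{head}.{payload}".encode(), (n.bit_length() + 7) // 8)
    if s >= n or pow(s, e, n) != expected:
        raise ValueError("signature does not verify")
    claims = json.loads(unb64u(payload))
    age = (time.time() if now is None else now) - claims["iat"]  # "iat" is an assumption
    if cfg["expirationSeconds"] != -1 and not 0 <= age <= cfg["expirationSeconds"]:
        raise ValueError("token too old")
    return claims[cfg["subjectIdClaimName"]]
```

A production verifier would use a vetted JWT library and real key storage; the bare modular arithmetic here only keeps the example dependency-free.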