In v2.6.? we will add JWT RSA authentication to web services (WS) from trusted authorities.
Grouper would have configurations for JWT trusted authorities in grouper.properties:
grouper.jwt.trusted.configId.numberOfKeys = 1

# encrypted public key of trusted authority
grouper.jwt.trusted.configId.key.0.publicKey = abc123
grouper.jwt.trusted.configId.key.0.encryptionType = RS-256
# optional: yyyy-mm-dd hh:mm:ss.SSS
grouper.jwt.trusted.configId.key.0.expiresOn = 2021-11-01 00:00:00.000

# JWTs only last for so long
grouper.jwt.trusted.configId.expirationSeconds = 600

grouper.jwt.trusted.configId.subjectSource = myPeople
# subjectId, subjectIdentifier, or subjectIdOrIdentifier
grouper.jwt.trusted.configId.subjectIdType = subjectId
Make a web service call with this header:
Authorization: Bearer jwtTrusted_configId_abc123def456
Grouper will verify that the JWT was signed by the private key matching a public key configured for that config id, and the WS call will authenticate as the user in the token.
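
The flow described above, as an added example that is not Grouper's own code: a trusted authority builds the `jwtTrusted_<configId>_<jwt>` bearer value and a server checks it against the public key configured for that config id. The class and method names are hypothetical. It assumes the claims are named `sub` and `iat`, that `expirationSeconds` is measured from `iat`, that config ids contain no underscore, and that each config id has a single key with no `expiresOn` check.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.*;
import java.util.regex.*;
public class JwtTrustedDemo {
  static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
  // Authority side: sign and build the header value. Assumption: claims are "sub" and "iat".
  static String authorization(String configId, PrivateKey key, String sub, long iat) throws Exception {
    String header = ENC.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(UTF_8));
    String claims = ENC.encodeToString(("{\"sub\":\"" + sub + "\",\"iat\":" + iat + "}").getBytes(UTF_8));
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(key);
    s.update((header + "." + claims).getBytes(UTF_8));
    return "Bearer jwtTrusted_" + configId + "_" + header + "." + claims + "." + ENC.encodeToString(s.sign());
  }
  // Server side: return the authenticated subject, or throw SecurityException.
  static String authenticate(String authz, Map<String, PublicKey> trusted, long maxAge, long now) throws Exception {
    String prefix = "Bearer jwtTrusted_";
    int sep = authz.indexOf('_', prefix.length());
    if (!authz.startsWith(prefix) || sep < 0) throw new SecurityException("not a trusted JWT");
    // Split on the first '_' after the prefix only: base64url text can itself contain '_'.
    PublicKey pub = trusted.get(authz.substring(prefix.length(), sep));
    String[] p = authz.substring(sep + 1).split("\\.");
    if (pub == null || p.length != 3) throw new SecurityException("unknown config id or malformed JWT");
    // The algorithm comes from configuration, never from the token's own header.
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(pub);
    s.update((p[0] + "." + p[1]).getBytes(UTF_8));
    if (!s.verify(Base64.getUrlDecoder().decode(p[2]))) throw new SecurityException("bad signature");
    // Claims are read only after the signature verifies (regexes stand in for a JSON parser).
    String claims = new String(Base64.getUrlDecoder().decode(p[1]), UTF_8);
    Matcher iat = Pattern.compile("\"iat\":(\\d+)").matcher(claims);
    Matcher sub = Pattern.compile("\"sub\":\"([^\"]+)\"").matcher(claims);
    if (!iat.find() || !sub.find()) throw new SecurityException("missing claim");
    long age = now - Long.parseLong(iat.group(1));
    if (age < 0 || age > maxAge) throw new SecurityException("outside expirationSeconds window");
    return sub.group(1);
  }
  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair authority = gen.generateKeyPair(); // constructed demo key pair
    Map<String, PublicKey> trusted = Map.of("configId", authority.getPublic());
    long now = System.currentTimeMillis() / 1000;
    String authz = authorization("configId", authority.getPrivate(), "jsmith", now);
    System.out.println(authenticate(authz, trusted, 600, now));
    try { authenticate(authz, trusted, 600, now + 601); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
  }
}
```

The second call replays the same token 601 seconds later and is rejected, which is the effect of `expirationSeconds = 600` under the `iat` assumption.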