In v2.6.? we will add JWT RSA authn to WS from trusted authorities.
Grouper would have configurations for JWT trusted authorities in grouper.properties:

    grouper.jwt.trusted.configId.numberOfKeys = 1

    # encrypted public key of trusted authority
    grouper.jwt.trusted.configId.key.0.publicKey = abc123
    grouper.jwt.trusted.configId.key.0.encryptionType = RS-256

    # optional: yyyy-mm-dd hh:mm:ss.SSS
    grouper.jwt.trusted.configId.key.0.expiresOn = 2021-11-01 00:00:00.000

    # JWTs only last for so long
    grouper.jwt.trusted.configId.expirationSeconds = 600

    # optional, could be in claim as "subjectSourceId"
    grouper.jwt.trusted.configId.subjectSourceId = myPeople

    # subjectId, subjectIdentifier, or subjectIdOrIdentifier (optional)
    grouper.jwt.trusted.configId.subjectIdType = subjectId

    # some claim name that has the subjectId in it. optional, can just label claim name as "subjectId", "subjectIdentifier", or "subjectIdOrIdentifier"
    grouper.jwt.trusted.configId.subjectIdClaimName = pennId
Make a web service call:

    Authorization: Bearer jwtTrusted_configId_abc123def456
Grouper will verify that the JWT is signed by the private key matching a public key in that config id, and the web service will then authenticate as the user in the token.
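The checks described above, sketched as an added example (not Grouper's own code): split the `jwtTrusted_<configId>_<jwt>` credential, pin the algorithm to RS256, verify the signature against the configured keys, enforce key and token lifetimes, and read the subject from the configured claim. Assumptions: the `TRUSTED` dict standing in for grouper.properties, epoch seconds for `expiresOn`, token age measured from an `iat` claim, and a constructed throwaway key.

```python
import base64, hashlib, json, time

# Constructed demo key from two well-known primes: trivially factorable, illustration only.
P, Q, E = 2**255 - 19, 2**256 - 189, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header

# Hypothetical in-memory mirror of the grouper.jwt.trusted.<configId>.* settings.
TRUSTED = {"configId": {"keys": [{"n": N, "e": E, "expiresOn": 4102444800}],
                        "expirationSeconds": 600, "subjectIdClaimName": "pennId"}}

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def unb64u(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def emsa(msg):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as used by RS256."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(claims, header=None, d=D):
    """Trusted-authority side, present only to build sample tokens."""
    head = b64u(json.dumps(header or {"alg": "RS256", "typ": "JWT"}).encode())
    body = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(body.encode()), "big"), d, N)
    return body + "." + b64u(sig.to_bytes(K, "big"))

def authenticate(authorization, now=None):
    """Return the subject id from the token; raises if any check fails."""
    now = time.time() if now is None else now
    scheme, _, cred = authorization.partition(" ")
    prefix, _, rest = cred.partition("_")
    config_id, _, jwt = rest.partition("_")  # the JWT itself may contain "_"
    if scheme != "Bearer" or prefix != "jwtTrusted" or config_id not in TRUSTED:
        raise ValueError("not a trusted-JWT credential")
    cfg = TRUSTED[config_id]
    head, payload, sig = jwt.split(".")
    if json.loads(unb64u(head)).get("alg") != "RS256":  # pin alg, never trust the header
        raise ValueError("unexpected alg")
    s, em = int.from_bytes(unb64u(sig), "big"), emsa((head + "." + payload).encode())
    if not any(k["expiresOn"] > now and s < k["n"] and
               pow(s, k["e"], k["n"]).to_bytes(K, "big") == em for k in cfg["keys"]):
        raise ValueError("bad signature or expired key")
    claims = json.loads(unb64u(payload))
    if not 0 <= now - claims["iat"] <= cfg["expirationSeconds"]:
        raise ValueError("token too old or issued in the future")
    return claims[cfg["subjectIdClaimName"]]
```

The algorithm check runs before signature verification so that a token declaring `none` or an HMAC algorithm is rejected regardless of its signature bytes.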