Stage 1 | Add trusted issuers. Integration Server verifies the issuer id (iss claim) in the incoming JWT to check if it matches with the trusted issuers list that Integration Server maintains. For information about adding and editing trusted issuers, see Trusted Issuers. |
Stage 2 | Define a mapping between the issuer and certificate. During this stage, you define a mapping between the trusted issuer and the certificate. Based on the issuer to certificate mapping defined in this stage, Integration Server identifies the certificate alias and uses the public key from that certificate to verify the signature of the incoming JWT. For information about defining a mapping between issuer and certificate and deleting an existing mapping, see Issuer-Certificate Mapping. |
Stage 3 | Edit the Global Claim Settings. Audience: Integration Server verifies the audience defined in the incoming JWT to check if it matches with the list defined in the Global Claim Settings. Audience value can be a list or a single value. If it is a list, then the defined Audience in Integration Server should be one of the value in this list. For information about editing Global Claim Settings, see Editing Global Claim Settings. Max Global Skew: Enables you to define the permissible limits for a variation between any JWT issuer server clock and the Integration Server clock. Integration Server uses this value during verification of the incoming JWT. For more information about JWT clock skew settings, see Skew Mapping. |