webMethods and Intelligent Business Operations 10.2 | API Gateway User's Guide | API Gateway Administration | Security Configuration | JWT | Configuring API Gateway to use JWT
 
Configuring API Gateway to use JWT
Pre-requisites:
You must have the Manage security configurations functional privilege assigned to perform this task.
You can configure API Gateway to generate JSON Web Tokens (JWT) as access tokens for authenticating and securing API requests. API Gateway provides support for using JWT authentication in both the inbound and outbound HTTP requests at the transport level.
* To configure API Gateway as JWT issuer
1. Select Username > Administration.
2. Select Security > JWT.
3. Click Edit.
4. Provide or modify the following information as required:
Token issuer
  Name of the JWT token issuer used by API Gateway.
  Note: The Token issuer value is case-sensitive.
Algorithm
  The cryptographic algorithm used to sign JSON Web Tokens (JWTs).
  Supported values are: RS256, RS384, and RS512.
Expiry duration
  The duration (in minutes) for which the token is valid. For example, the value 60 denotes that the access token expires one hour after it was generated.
Audience
  Optional. The intended recipient of the token. The application that receives the token must verify that the audience value is correct and reject any token intended for a different audience.
Keystore alias
  Alias of the keystore containing the private key that is used to sign JWTs.
  The Keystore alias field lists the keystore aliases available in API Gateway. If no keystore aliases are configured, this field displays DEFAULT_IS_KEYSTORE.
Key alias
  Alias of the private key used to sign JWTs.
  The Key alias field lists the aliases available in the selected keystore. If no keystores are configured, this field is empty.
Discovery endpoints
  The discovery endpoint of the JWT configuration, where clients can find the endpoints to fetch a JWT token and the public certificates, together with the token issuer and the algorithm.
  The discovery endpoint contains the following details of the JWT token:
  * issuer: The value given in the Token issuer field of the JWT configuration.
  * token_endpoint: The endpoint from which a JWT token is fetched.
  * jwks_uri: The JSON Web Key Set (JWKS) endpoint from which the public certificate corresponding to the keystore configured in the JWT configuration is fetched.
  * jwt_token_signing_alg_values_supported: The signing algorithm specified in the JWT configuration.
  * expiry: The number of minutes for which a token is valid, as specified in the JWT configuration.
  Note: The discovery endpoint displayed depends on the configured port and on the extended setting pg_jwt_isHTTPS. For example, if pg_jwt_isHTTPS is set to true, you need to configure only the HTTPS port. If pg_jwt_isHTTPS is set to true but no HTTPS port is configured, no discovery endpoint is displayed.
5. Click Save.
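The configuration fields above map directly onto what a token issuer signs and what a receiving application has to verify. The following Go program is an added example, not Software AG's code and not an API Gateway API: it models the configuration as a constructed IssuerConfig struct (the type and field names are this example's own), mints an RSA-signed token carrying iss, aud and exp, derives the discovery document fields the page lists (the /token and /jwks paths, the host gateway.example and the issuer name api-gateway are assumed values), and verifies a token the way a receiving application should: accept only an algorithm the discovery document advertises, check the signature against the public key that jwks_uri would publish, then compare the issuer case-sensitively, check the audience and reject tokens past their expiry.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers the hash behind crypto.SHA256
	_ "crypto/sha512" // registers SHA384 and SHA512
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// IssuerConfig is a constructed stand-in for the page's JWT configuration fields (the names are this example's).
type IssuerConfig struct {
	Issuer     string          // Token issuer; verifiers must compare it case-sensitively
	Alg        string          // RS256, RS384 or RS512
	Expiry     time.Duration   // Expiry duration (the page expresses it in minutes)
	Audience   string          // optional intended recipient
	PrivateKey *rsa.PrivateKey // the key selected by Keystore alias / Key alias
}

// Discovery carries the fields the page lists for the discovery endpoint.
type Discovery struct {
	Issuer        string   `json:"issuer"`
	TokenEndpoint string   `json:"token_endpoint"`
	JwksURI       string   `json:"jwks_uri"`
	Algs          []string `json:"jwt_token_signing_alg_values_supported"`
	Expiry        int      `json:"expiry"`
}

type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud,omitempty"`
	Exp int64  `json:"exp"`
}

// Only the RSA algorithms the page lists exist here, so "none" or HMAC headers can never match.
var hashes = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// Discovery derives the discovery document from the configuration; the /token and /jwks paths are assumed.
func (c IssuerConfig) Discovery(base string) Discovery {
	return Discovery{Issuer: c.Issuer, TokenEndpoint: base + "/token", JwksURI: base + "/jwks",
		Algs: []string{c.Alg}, Expiry: int(c.Expiry.Minutes())}
}

// Issue mints a token as the configured issuer would: RSA-signed, carrying iss, aud and exp.
func (c IssuerConfig) Issue(now time.Time) (string, error) {
	h, ok := hashes[c.Alg]
	if !ok {
		return "", fmt.Errorf("unsupported algorithm %q", c.Alg)
	}
	header, _ := json.Marshal(map[string]string{"alg": c.Alg, "typ": "JWT"})
	payload, _ := json.Marshal(Claims{Iss: c.Issuer, Aud: c.Audience, Exp: now.Add(c.Expiry).Unix()})
	input := enc.EncodeToString(header) + "." + enc.EncodeToString(payload)
	d := h.New()
	d.Write([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, c.PrivateKey, h, d.Sum(nil))
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// Verify is the receiving application's side; pub is the key published at jwks_uri. The header alg is
// accepted only if the discovery document advertises it; then signature, iss (case-sensitive), aud and exp.
func Verify(token string, disc Discovery, pub *rsa.PublicKey, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrRaw, _ := enc.DecodeString(parts[0]) // a damaged header also fails the signature check below
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrRaw, &hdr); err != nil {
		return nil, fmt.Errorf("unreadable header: %w", err)
	}
	h, known := hashes[hdr.Alg]
	advertised := false
	for _, a := range disc.Algs {
		advertised = advertised || a == hdr.Alg
	}
	if !known || !advertised {
		return nil, fmt.Errorf("algorithm %q not permitted by issuer", hdr.Alg)
	}
	d := h.New()
	d.Write([]byte(parts[0] + "." + parts[1])) // the signature covers the encoded header and payload
	sig, err := enc.DecodeString(parts[2])
	if err != nil || rsa.VerifyPKCS1v15(pub, h, d.Sum(nil), sig) != nil {
		return nil, errors.New("bad signature")
	}
	payloadRaw, _ := enc.DecodeString(parts[1]) // authentic now, so it decodes exactly as the issuer wrote it
	var c Claims
	if err := json.Unmarshal(payloadRaw, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != disc.Issuer: // Go compares strings case-sensitively, as the page's note requires
		return nil, fmt.Errorf("issuer %q does not match %q", c.Iss, disc.Issuer)
	case wantAud != "" && c.Aud != wantAud:
		return nil, fmt.Errorf("token is for audience %q, not this application", c.Aud)
	case now.Unix() >= c.Exp:
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	cfg := IssuerConfig{Issuer: "api-gateway", Alg: "RS256", Expiry: 60 * time.Minute, Audience: "orders-app", PrivateKey: key}
	tok, _ := cfg.Issue(time.Now())
	disc := cfg.Discovery("https://gateway.example:5555/jwt")
	fmt.Println(Verify(tok, disc, &key.PublicKey, "orders-app", time.Now().Add(61*time.Minute)))
}
```

Run it with go run; it prints the error returned for a verification attempt 61 minutes after issue. The ordering inside Verify is the point: the algorithm is pinned to the issuer's advertised list before any key is used, so a header claiming none or an HMAC algorithm is refused without touching the key, and the payload is parsed only after its signature has been checked.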

Copyright © 2015- 2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release