Enabling Authentication using JWT-IRIS

This section helps you to enable the authentication using JWT-IRIS.

NOTE: You need to ensure that the Arrangement microservice is up and running on Docker or J2EE stack to enable the JWT authentication explained in the section below.

Deployment Artefacts

Arrangement microservice API bundled with IRF is available as a web archive (WAR) - ms-arrangement-api.war.

Configuring JWT

Procedure

  1. Set the claims that need to be extracted from the JWT payload and token validation parameters in spring-jwt-iris-authenticator.xml located in the path \WEB-INF\classes\.
  2. Comment the iss bean from claimValidator.
    ClosedToken Validation Parameters
    <!-- Validations -->
 <!--  Default claims validated are "exp", "iss", "iat"  -->
 <beans:bean id="claim" class="com.temenos.security.oidc.token.validator.ClaimValidator">
     <beans:property name="claims">
         <beans:list>
             <beans:ref bean="exp" />
             <!--                <beans:ref bean="iss" />-->
             <beans:ref bean="iat" />
         </beans:list>
     </beans:property>
 </beans:bean>
  3. Remove the value of issuer.
    ClosedToken Validation Parameters
    <!-- OIDC provider Server -->
<beans:bean id="oidcProviderServer" class="com.temenos.security.oidc.common.OidcProviderServer">
    <beans:property name="issuer" value="" />
    <beans:property name="pkEncoded" value="" />
    <beans:property name="pkCertEncoded" value="" />
    <beans:property name="pkCertFilePath" value="" />
    <beans:property name="pkJwksUri" value="" />
    <beans:property name="decryptingJwkEncoded" value="" />
    <beans:property name="principalClaim" value="sub" />
</beans:bean>
<!-- End OIDC provider Server -->
  4. Set the list of claims to be extracted from JWT as below, if required.
    ClosedClaims
    <!-- List of claim that needs to extracted form the token and set into request headers for further processing, eg:TPPId, Consent_id, etc -->
<beans:bean id="requiredFields" class="com.temenos.irf.web.security.jwt.parser.RequiredFieldsExtractor">
    <beans:property name="claimsToExtract">
        <beans:map>
            <beans:entry key ="roleId" value ="" />
            <beans:entry key ="iss" value ="" />
            <beans:entry key ="aud" value ="" />
        </beans:map>
    </beans:property>
</beans:bean>
<!-- End Claims Extraction -->


Bookmark Name Actions
BACK

In this topic

Feedback
x

Are you sure you want to log-off?