Creating a JSON Web Token from a token profile
Use a JSON Web Token (JWT) to exchange claims between two parties in a form that the receiver can verify. For example, a JWT can carry information about a user that another party uses to authenticate that user across process boundaries. The pxGenerateJWT activity uses a token profile with the Generation purpose to build the token; the profile defines the headers, the claims, the signature configuration, and the token lifetime. A signed JWT (JWS) is integrity-protected but not encrypted: the header and the claims are only base64url-encoded, so anyone who holds the token can read them. Do not put secrets in the claims.
- In the navigation panel, click Records > Security > Token Profile.
- Click Create.
- In the Token Type field, select JSON Web Token.
- In the Purpose field, select Generation to create a token profile for generating new JSON Web Tokens.
- Enter a token profile name and short description.
- Click Create and open.
- In the Headers section, add user-defined headers.
The following required headers are added automatically:
- alg – The JWS algorithm that is selected in the Security section on the Generation tab.
- cty – The content type, populated by default as application/json.
- typ – The type, which is always JWT.
- kid – The key ID, a unique ID that the JWT runtime generates for each token. The receiver uses it to select the verification key.
- crit – The names of the headers that are marked as critical on the Generation tab. A receiver that does not understand one of the listed headers must reject the token.
- Click the Add icon.
- In the Name field, enter the header name.
- In the Description field, enter a short description of the header.
- In the Map from field, select whether the header value is mapped from a clipboard or a constant.
- In the Map from key field, do one of the following actions:
- If you selected Constant in the Map from field, enter the value of the header.
- If you selected Clipboard in the Map from field, enter the property name from which you are mapping the header value.
- In the Claims section, specify the payload of the token by adding the following:
- Registered claims – A set of recommended predefined claims that are interoperable.
- Click the Add icon.
- In the Name field, select one of the available claims:
- Issuer (iss) – Specifies the principal that issued the JWT.
- Audience (aud) – Specifies the recipients that the JWT is intended for.
- Subject (sub) – Specifies the principal that is the subject of the JWT.
Note: Each claim must have a different name.
- In the Map from field, select whether the claim is mapped from the clipboard or a constant.
- In the Map from key field, do one of the following actions:
- If you selected Constant in the Map from field, enter the string that you are mapping to.
- If you selected Clipboard in the Map from field, enter the property name that you are mapping to.
- Select the Critical check box if the claim must be processed. If the check box is not selected, the claim might be skipped during verification.
- Custom claims – Created to share information between parties that agree to use these claims.
- Click the Add icon.
- In the Name field, enter the name of the claim.
- In the Description field, enter a short description of the claim.
- In the Map from field, select whether the claim is mapped from the clipboard or a constant.
- In the Map from key field, do one of the following actions:
- If you selected Constant in the Map from field, enter the string that you are mapping to.
- If you selected Clipboard in the Map from field, enter the property name that you are mapping to.
- Select the Critical check box if the claim must be processed. If the check box is not selected, the claim might be skipped during verification.
- In the Security configuration field, specify whether to generate a signed JWT.
- To disable security, in the Security configuration field, select None and skip the signature fields. An unsigned token carries no proof of who issued it or that its claims are unchanged, so a receiver cannot tell it from a token that an attacker assembled.
- To require a signature, in the Security configuration field, select Signature and complete the remaining fields.
- In the Signature type field, select Asymmetric from the drop-down list.
- In the Signature Algorithm field, select an algorithm. The selection is written to the alg header, and the receiver must verify the token with this algorithm rather than with whatever alg value a presented token claims.
- In the Keystore field, select the keystore name. For more information about how to create a keystore, see Creating a Keystore data instance.
- In the Alias field, enter the alias of the private key that you created in the keystore. The private key stays with the issuer; the receiver only needs the matching public key or certificate.
- In the Password field, enter the password to the keystore.
- In the Token lifetime section, in the Valid till (in seconds) field, specify the number of seconds after issue for which the token remains valid (its expiration time). The default value is 900 seconds. Keep the lifetime short; a receiver accepts the token until it expires, so a leaked token stays usable for that long.
- Optional: Select the Critical check box if the receiver must process the expiration time.
- In the Processed not before (in seconds) field, enter the number of seconds after issue before which the receiver must not accept the token. The default value is 0 seconds.
- Optional: Select the Critical check box if the receiver must process the not-before time.
- In the Advanced section, select Process generated token to also configure how the generated token is validated when it is processed.
- Click the Processing tab. Some sections and fields are filled out by default. To fill out the remaining fields, see the Processing a JSON Web Token topic, step 7.
- Click Save.
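The procedure above configures a token with fixed headers (alg, typ, cty, kid, crit), registered and custom claims, a signature from a keystore private key, and a lifetime expressed as seconds after issue. The Go program below is an added example, not Pega code and not the pxGenerateJWT activity: it builds the same token shape from a small Profile struct (field names are this example's own), signs it with RS256, and shows what a receiver must check to make the profile's settings mean anything. The sample profile values, key ID and header name x-tenant are constructed for the example. The verifier pins the algorithm instead of trusting alg from the token, selects the key by kid, rejects any crit header it does not understand, and enforces exp, nbf and aud only after the signature has been verified.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

type Profile struct {
	KeyID       string            // kid header
	Headers     map[string]string // user-defined headers
	CritHeaders []string          // header names to list in crit
	Issuer      string            // iss
	Audience    string            // aud
	Subject     string            // sub
	Custom      map[string]string // custom claims (string values only, so JSON encoding cannot fail)
	ValidFor    int64             // "Valid till (in seconds)": exp = iat + ValidFor
	NotBefore   int64             // "Processed not before (in seconds)": nbf = iat + NotBefore
}

// EncodeSegment is unpadded base64url, the JWS segment encoding.
func EncodeSegment(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Generate builds header and claims from the profile and signs them with RS256; now is Unix seconds.
func Generate(p Profile, key *rsa.PrivateKey, now int64) (string, error) {
	header := map[string]any{"alg": "RS256", "typ": "JWT", "cty": "application/json", "kid": p.KeyID}
	for k, v := range p.Headers {
		header[k] = v
	}
	if len(p.CritHeaders) > 0 { // RFC 7515: crit is omitted rather than sent empty
		header["crit"] = p.CritHeaders
	}
	claims := map[string]any{"iss": p.Issuer, "aud": p.Audience, "sub": p.Subject,
		"iat": now, "exp": now + p.ValidFor, "nbf": now + p.NotBefore}
	for k, v := range p.Custom {
		claims[k] = v
	}
	hb, _ := json.Marshal(header) // values are strings, ints and []string: cannot fail
	cb, _ := json.Marshal(claims)
	signingInput := EncodeSegment(hb) + "." + EncodeSegment(cb)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + EncodeSegment(sig), nil
}

// Verify pins the algorithm, selects the key by kid, checks the signature, refuses unknown crit headers, then enforces exp, nbf and aud.
func Verify(token string, keys map[string]*rsa.PublicKey, understood map[string]bool, audience string, now int64) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	dec := base64.RawURLEncoding.DecodeString
	hb, e1 := dec(parts[0])
	cb, e2 := dec(parts[1])
	sig, e3 := dec(parts[2])
	if e1 != nil || e2 != nil || e3 != nil {
		return nil, errors.New("segment is not valid base64url")
	}
	var hdr struct{ Alg, Kid string; Crit []string } // encoding/json matches these names case-insensitively
	claims := map[string]any{}                        // untrusted until the signature checks out
	if json.Unmarshal(hb, &hdr) != nil || json.Unmarshal(cb, &claims) != nil {
		return nil, errors.New("header or claims are not valid JSON")
	}
	key, ok := keys[hdr.Kid]
	if hdr.Alg != "RS256" || !ok { // the token never chooses the algorithm or names an unknown key
		return nil, fmt.Errorf("rejected alg %q / kid %q", hdr.Alg, hdr.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	for _, c := range hdr.Crit {
		if !understood[c] {
			return nil, fmt.Errorf("critical header %q not understood", c)
		}
	}
	exp, ok := claims["exp"].(float64) // JSON numbers decode as float64
	nbf, _ := claims["nbf"].(float64)  // an absent nbf behaves like 0
	if !ok || float64(now) >= exp || float64(now) < nbf || claims["aud"] != audience {
		return nil, errors.New("exp, nbf or aud check failed")
	}
	return claims, nil
}

func main() { // issue a token under a constructed sample profile and verify it 10 s later
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	p := Profile{KeyID: "k1", Headers: map[string]string{"x-tenant": "acme"}, CritHeaders: []string{"x-tenant"}, Issuer: "https://issuer.example", Audience: "https://api.example", Subject: "user-42", ValidFor: 900}
	tok, _ := Generate(p, key, 1_700_000_000)
	fmt.Println(Verify(tok, map[string]*rsa.PublicKey{"k1": &key.PublicKey}, map[string]bool{"x-tenant": true}, p.Audience, 1_700_000_010))
}
```

The Critical check boxes in the profile only have an effect if the receiver behaves like Verify: a receiver that ignores crit, or that reads alg from the token and picks a verification routine from it, accepts tokens the profile was meant to rule out. The 900-second default maps directly onto the exp check here; shortening it shortens the window in which a stolen token is useful.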