JWT Management

Monkton, Inc.

To accommodate authentication with web-service-based Rebar Endpoints, the Rebar Hub allows for JWT authentication. JWT (JSON Web Token) provides a simplified means to authenticate users to third-party web services, enabling a “Zero Trust” means to authenticate with the target service.

Listed JWT Providers

The JWT Management portal lists all JWT providers that have been configured with the Rebar Hub. The list will provide the friendly name, the target URL

JWT Signing

JWT operates on signing requests with trusted certificates. When configuring a JWT Provider, the Rebar Hub requires a P12 file (the combination of the certificate and private key) as well as the password for the P12 to perform the signing operations.

When a request is generated by the Rebar Hub to the target JWT URL, it will digitally sign the request with the provided P12 file. This must be the same signing certificate used in the target environment to validate the request.

Steps to Add a new JWT Provider

Adding a new JWT Provider is a simple process. Follow the steps below to create one.

  1. On the JWT Providers management screen, tap Add JWT Provider
  2. Enter the name for the provider - this should be something that quickly indicates the use of the JWT Provider
  3. Enter the description for the provider - this should be something descriptive
  4. Enter the JWT Signing Certificate - select the P12 file that contains the trusted certificate to sign requests with
  5. Enter the JWT Signing Certificate Password - this is the password used to decrypt the P12 for signing the JWT requests
  6. Enter the JWT Token URL - this is the URL that will be used to generate tokens
  7. Select the Token Cache Duration - this will enable the Rebar Hub to cache tokens to limit generating new tokens for each request to the service
  8. Select optional values to send to the JWT service - this enables the UPN, email, and Send Bundle to be sent as part of the JWT request to the JWT URL
  9. Tap Save JWT Configuration and the Rebar Hub will save the configuration to the database
  10. The modal dialog will disappear and the list of JWT providers will refresh

Note: The bundle value is the app bundle of the invoking mobile app, as sent in the authentication request to the Rebar Hub.

Implementing the JWT Provider in your Web Service

Your organization may need to implement a JWT provider that consumes the token provided by the Rebar Hub.

Managing JWT Providers

The JWT Management screen provides the administrator several functions on existing providers:

  • Update Cert
  • Modify
  • Test
  • Certificate
  • Remove

Update Cert for JWT Provider

The Update Cert dialog enables administrators to update the certificate for the JWT provider. This enables the certificate to be cycled out at any point in time for security reasons.

Modify JWT Provider

The Modify action allows the configuration of the JWT provider to be updated at any time. This includes the JWT Token URL, name, description, token cache duration, and the attributes to send to the JWT service.

Test JWT Provider

An important aspect of configuring JWT providers is testing that they work. The Test button enables the JWT provider to be invoked. This sends a request with a username and UPN of user@example.com to the service to validate that the connection works.

Cert for JWT Provider

The Cert button provides the Base64-encoded certificate for the JWT provider. This can be useful if you are configuring the JWT Token provider in the future.

Remove

This will remove the JWT provider and disassociate it from the Rebar Endpoints it has been configured for. The Rebar Endpoints will be unable to authenticate with the services to perform JWT authentication.