webMethods


How to map JWT token to specific REST service in webMethods IS

  • 1.  How to map JWT token to specific REST service in webMethods IS

    Posted Tue December 06, 2022 10:55 AM

    Hello Community
    I am trying to explore & learn JWT configuration in webMethods IS. Looking at AG documentation, I was able to configure and generate JWT token using built-in jwt specific services.

    Following is high level sequence of steps I performed:

    1. I configured Trusted Issuer in IS
    2. I mapped issuer to corresponding TrustStore, KeyStore and Certificate alias etc
    3. I did set Audience = “http://localhost:5555/restv2/” in Global Claim Settings section
    4. I generated JWT token using built-in service by specifying appropriate params

    After performing above steps, I tried to invoke a REST service hosted on IS (actually a flow service exposed as REST) by using PostmanUI (specified JWT token as bearer token) and the JWT authentication took place successfully in IS.

    However I am not sure how I can map a specific JWT token to any specific REST resource. For example if I have 2 different REST services hosted in IS and I want to use two different JWT tokens (one jwt token for each REST service) then how can I do that in webMethods IS?

    I know in case of OAuth token, we can achieve this by using different scopes for different services but I am not sure how we can map different JWT tokens to different REST services in IS?

    Can someone in community please comment/guide me on this one? Can we map different JWT tokens to different services in IS?

    Thanks


    #JWT
    #webMethods


  • 2.  RE: How to map JWT token to specific REST service in webMethods IS

    Posted Tue December 06, 2022 12:11 PM

    If I understand correctly, you are looking to restrict access for a service/set of services for a particular user or a subject in a claim. A JWT token cannot be mapped to a particular service.

    As an alternative, you could try defining a new ACL. Then create a group and link it to the ACL. Connect the ACL to a service by setting executeACL of a service to this new ACL.
    Any user present in this group would have access to those folder/set of services. This user can be the sub claim in the JWT that you have generated.

    Hope this makes sense to your use case, if not do reach out.

    -NP


    #webMethods
    #JWT
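
The ACL approach from reply 2 as a small model, added here as an illustration and not taken from the thread or from webMethods IS itself: the token only authenticates, and the `sub` claim's group membership is checked against the service's execute ACL. The user, group, ACL and service names are hypothetical, and HS256 with a constructed key stands in for the certificate-based verification IS performs.

```python
import base64, hashlib, hmac, json, time

AUDIENCE = "http://localhost:5555/restv2/"  # audience value from the original post
KEY = b"constructed-demo-key"               # constructed; stands in for the issuer certificate
# Constructed sample configuration; every name below is hypothetical.
GROUPS = {"OrdersClients": {"orders_app"}, "InvoiceClients": {"invoice_app"}}
ACLS = {"OrdersACL": {"OrdersClients"}, "InvoicesACL": {"InvoiceClients"}}
EXECUTE_ACL = {"demo.rest:getOrders": "OrdersACL", "demo.rest:getInvoices": "InvoicesACL"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(sub, aud=AUDIENCE, ttl=300):
    """Build a constructed HS256 token for the demo."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "aud": aud, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def authenticate(token):
    """Return the verified sub claim, or None if the token is rejected."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        aud = claims.get("aud")  # aud may be a single string or a list
        if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
            return None
        if claims.get("exp", 0) <= time.time():
            return None
        return claims.get("sub")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON

def can_invoke(token, service):
    """Authenticate by JWT, then authorize against the service's execute ACL."""
    user = authenticate(token)
    acl = EXECUTE_ACL.get(service)
    if user is None or acl is None:  # model choice: no execute ACL means deny
        return False
    return any(user in GROUPS.get(group, set()) for group in ACLS[acl])
```

Two tokens issued for different subjects both pass authentication, but each reaches only the service whose ACL includes that subject's group.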


  • 3.  RE: How to map JWT token to specific REST service in webMethods IS

    Posted Tue December 06, 2022 01:31 PM

    Thanks Nagendra. Your suggestion sounds practical. I’ll try it out and revert with my findings.


    #JWT
    #webMethods


  • 4.  RE: How to map JWT token to specific REST service in webMethods IS

    Posted Tue December 06, 2022 09:29 PM

    Sure, there are differences between the way OAuth and JWT work; getting the exact pattern might not always be possible, and the security implications will be different too.
    Best to evaluate and proceed.

    -NP


    #webMethods
    #JWT