Hi, I'd like to seek help performing SSO authentication via a REST application that's using the CE Java API over WSI transport (FNCEWS40MTOM). The communication flow is "Enterprise Application" > "Spring REST API using CE Java API" > "CPE Server" (all applications are internal). Both Spring REST and CPE are installed on WAS 9.0.5 but in different cells. The REST application is secured using the JWT authentication mechanism in WebSphere.
Here's the scenario that's implemented: -
1/ A user authenticates in an enterprise application (EA). EA generates a JWT token and invokes the Spring REST API with this JWT token sent in the request header.
2/ The WAS application server validates and authenticates the JWT token (using OIDC RP configuration specific to the JWT authentication process). As a result, the Spring REST API is able to access the authenticated subject.
3/ I'd like to use this subject in the SubjectCredentials class to perform operations using PrivilegedExceptionAction<T> in CPE. Please let me know if the approach described above is correct. Thanks.
The following JVM configurations are applied on WAS where the Spring REST API is deployed: -
- -Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true
- -Dcom.filenet.repositoryconfig.allowWSIOnWAS=true
The following JVM configurations are applied on WAS where CPE is installed: -
- -Dcom.filenet.authentication.wsi.AutoDetectAuthToken=true
Attachment: logfile.txt specifying some details about extracted subject.