Hi Sumana,
doing a Reverse Proxy authentication with JWT in Authorization Bearer is working for me now, thanks a lot.
I was also trying to check access token as JWT via introspection endpoint, but I still get following error message in CURL:
CURL Request (access token and endpoint URL are not real data):
curl -k -v -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -d "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&client_id=tui-testJWT" https://Webseal.domain/mga/sps/oauth/oauth20/introspect
CURL error:
{"error_description":"Client not found in response","error":"mapping_error"}* Connection #0 to host proxy.in.audi.vwg left intact
My assumption is that the snippet
importMappingRule("jwt_at_pre");
was included at the wrong position in my pre-token-mapping rule. I added it at the end of my pre-token-mapping rule. Do I include this snippet at a fixed position?
It seems there is no call to the new introspection endpoint validating this access token as JWT. Instead of, the validation of access token as obaque string via introspection endpoint is still working.
Best regards
Thomas
------------------------------
Thomas Renner
------------------------------
Original Message:
Sent: Tue June 06, 2023 09:03 PM
From: Sumana Narasipur
Subject: OAuth: JWT as an Access Token
Hi Thomas,
Thank you for pointing it out, I have uploaded it here
https://ibm.ent.box.com/s/zh7pqxaumx37te4xshzbktovk8rjrum7
------------------------------
Sumana Narasipur
Original Message:
Sent: Tue June 06, 2023 07:41 AM
From: Thomas Renner
Subject: OAuth: JWT as an Access Token
Hello Sumana,
in your article Reverse proxy authentication with OAuth you mentioned a mapping rule called " jwt_at_validate.js".
Where can I find this mapping rule?
Best regards
Thomas
------------------------------
Thomas Renner
Original Message:
Sent: Tue April 18, 2023 07:25 PM
From: Sumana Narasipur
Subject: OAuth: JWT as an Access Token
Hi Kim,
I have updated the link, please let me know if you still have issues.
------------------------------
Sumana Narasipur
Original Message:
Sent: Tue April 18, 2023 07:58 AM
From: Kim Petersen
Subject: OAuth: JWT as an Access Token
Hi Sumana
In the article is a link to the jwt_at_common.js and jwt_at_pre.js
The contents of the files are available here however I dont get access even when logging in to Box. Can the content be accessed elsewhere?
------------------------------
Kim Petersen
Specialist
ATP
Original Message:
Sent: Thu March 23, 2023 04:05 AM
From: Sumana Narasipur
Subject: OAuth: JWT as an Access Token
Hi Gyula,
Can you try again with the following link.
https://community.ibm.com/community/user/security/blogs/sumana-narasipur/2018/07/19/oauth-jwt-access-token
------------------------------
Sumana Narasipur
Original Message:
Sent: Wed March 22, 2023 03:13 AM
From: Gyula Domonkos
Subject: OAuth: JWT as an Access Token
Hi all,
I would like to modify the configuration of IBM Security Verify Access 10.0.5.0 to have Access Token as JWT instead of opaque token. I found this documentation:
https://www.ibm.com/blogs/security-identity-access/oauth-jwt-access-token/
There is an URL in it, which is unfortunately broken: "The contents of the files are available here", and I got "This shared file or folder has been removed" message.
Can you please help me where can I download the jwt_at_common.js and the jwt_at_pre.js files, or is there a newer version of this documentation?
Thank you in advance,
Gyula
------------------------------
Gyula Domonkos
------------------------------