Privacera Documentation

Authenticate Privacera Platform services using JSON Web Tokens

You can authenticate Privacera Platform services using JSON web tokens (JWT) for the following services:

Prerequisites
  • The identity provider URL that is allowed in the issuer claim of a JWT.

  • The public key from the provider that Privacera services can use to validate JWT.

Procedure
  1. SSH to the instance as USER.

  2. Copy the public key to ~/privacera/privacera-manager/config/custom-properties. If you are configuring more than one JWT, copy all the public keys associated with those JWT tokens to the same path.

  3. Run the following commands.

    cd ~/privacera/privacera-manager/config
    cp sample-vars/vars.jwt-auth.yaml custom-vars
    vi custom-vars/vars.jwt-auth.yaml
  4. Edit the JWT_OAUTH_ENABLE and JWT_CONFIGURATION_LIST properties. For property details, see JSON Web Token properties.

  5. Run the update.

    cd ~/privacera/privacera-manager/
    ./privacera-manager.sh update

JSON Web Token properties

Property: JWT_OAUTH_ENABLE

Description: Enables JWT authentication in Privacera services.

Example: TRUE

Property: JWT_CONFIGURATION_LIST

Description: Sets one or more JWT configurations. Each entry has the following fields:

  • issuer: URL of the identity provider; it must match the issuer claim of the JWT.

  • subject: Subject of the JWT (the user).

  • secret: The shared secret, if the JWT token was encrypted using a secret.

  • publickey: File name of the public key that you copied in step 2 of the procedure above.

  • userKey: Define a unique user key.

  • groupKey: Define a unique group key.

  • parserType: Assign one of the following values:

    • PING_IDENTITY: When the scope/group claim is an array.

    • KEYCLOAK: When the scope/group claim is a space-separated string.

Example:

    JWT_CONFIGURATION_LIST:
      - index: 0
        issuer: "https://your-idp-domain.com/websec"
        subject: "api-token"
        secret: "tprivacera-api"
        publickey: "jwttoken.pub"
        userKey: "client_id"
        groupKey: "scope"
        parserType: "KEYCLOAK"
      - index: 1
        issuer: "https://your-idp-domain.com/websec2"
        publickey: "jwttoken2.pub"
        parserType: "PING_IDENTITY"
      - index: 2
        issuer: "https://your-idp-domain.com/websec3"
        publickey: "jwttoken3.pub"
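As an added illustration (not Privacera's code), the following Python sketches what a validator does with a JWT_CONFIGURATION_LIST entry: it selects the entry whose issuer matches the token's issuer claim, checks the signature and subject, and reads the userKey and groupKey claims according to parserType. It covers only the secret-based case (HS256) with hypothetical secrets and claim values; the publickey case would verify the signature with the copied key file instead.

```python
import base64, hashlib, hmac, json

# Constructed config in the JWT_CONFIGURATION_LIST layout (hypothetical values, not Privacera's code).
JWT_CONFIGURATION_LIST = [
    {"index": 0, "issuer": "https://your-idp-domain.com/websec", "subject": "api-token",
     "secret": "tprivacera-api", "userKey": "client_id", "groupKey": "scope", "parserType": "KEYCLOAK"},
    {"index": 1, "issuer": "https://your-idp-domain.com/websec2", "secret": "second-secret",
     "userKey": "client_id", "groupKey": "scope", "parserType": "PING_IDENTITY"},
]

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_hs256(claims, secret):
    # Builds a constructed sample token so the validator can be exercised offline.
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def authenticate(token, configs=JWT_CONFIGURATION_LIST):
    """Return (user, groups) for a valid token; raise ValueError for anything else."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:
        raise ValueError("malformed token")
    # Select the entry whose issuer equals the iss claim; unknown issuers are rejected outright.
    cfg = next((c for c in configs if c["issuer"] == claims.get("iss")), None)
    if cfg is None:
        raise ValueError("issuer not allowed")
    # Pin the algorithm to what the config expects; never trust the token's own alg header.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(cfg["secret"].encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if "subject" in cfg and claims.get("sub") != cfg["subject"]:
        raise ValueError("subject mismatch")
    user = claims.get(cfg["userKey"])
    raw_groups = claims.get(cfg["groupKey"], [] if cfg["parserType"] == "PING_IDENTITY" else "")
    # parserType decides the claim's shape: PING_IDENTITY = JSON array, KEYCLOAK = space-separated string.
    groups = list(raw_groups) if cfg["parserType"] == "PING_IDENTITY" else raw_groups.split()
    return user, groups
```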