This topic contains 1 voice and has 0 replies.

#25006 reeprice (Participant)

    I am trying to configure a JWT session in my route and I am not having any success. I hope someone can point me in the right direction.

    My config file is set up as

```json
{
  "handler": {
    "type": "Router",
    "name": "_router",
    "capture": "all"
  },
  "heap": [
    {
      "name": "JwtSession",
      "type": "JwtSession"
    },
    {
      "name": "capture",
      "type": "CaptureDecorator",
      "config": {
        "captureEntity": true,
        "_captureContext": true
      }
    },
    {
      "name": "AmService-1",
      "type": "AmService",
      "config": {
        "url": "http://ip-XXX-XX-XX-XX.us-gov-west-1.compute.internal:8080/sso",
        "realm": "/mgmw",
        "ssoTokenHeader": "iPlanetDirectoryPro",
        "version": "6.0",
        "agent": {
          "username": "mgmw",
          "password": "password"
        },
        "sessionCache": {
          "enabled": true
        }
      }
    }
  ]
}
```

    My route is currently set up as

```json
{
  "name": "pep-cdsso",
  "heap": [
    {
      "name": "AmService-1",
      "type": "AmService",
      "config": {
        "url": "http://ip-XXX-XX-XX-XX.us-gov-west-1.compute.internal:8080/sso",
        "realm": "/",
        "ssoTokenHeader": "iPlanetDirectoryPro",
        "version": "6.0",
        "agent": {
          "username": "ig_agent",
          "password": "password"
        },
        "sessionCache": {
          "enabled": false
        }
      }
    }
  ],
  "secrets": {
    "stores": [
      {
        "name": "KeyStoreSecretStore",
        "type": "KeyStoreSecretStore",
        "config": {
          "file": "/home/jetty/.openig/secrets/jwtsessionkeystore.pkcs12",
          "storetype": "PKCS12",
          "storePassword": "keystore.secret.id",
          "mappings": [
            {
              "secretId": "jwtsession.encryption.secret.id",
              "aliases": [ "jwe-key" ]
            }
          ]
        }
      }
    ]
  },
  "session": {
    "type": "JwtSession",
    "config": {
      "encryptionSecretId": "jwtsession.encryption.secret.id",
      "cookieName": "am-auth-jwt",
      "cookieDomain": ".us-gov-west-1.compute.internal",
      "signatureSecretId": "jwtsession.signature.secret.id"
    }
  },
  "handler": {
    "type": "DispatchHandler",
    "config": {
      "bindings": [
        {
          "handler": {
            "type": "Chain",
            "config": {
              "filters": [
                {
                  "name": "CrossDomainSingleSignOnFilter-1",
                  "type": "CrossDomainSingleSignOnFilter",
                  "config": {
                    "redirectEndpoint": "/home/pep-cdsso/redirect",
                    "authCookie": {
                      "path": "/",
                      "name": "iPlanetDirectoryPro"
                    },
                    "amService": "AmService-1"
                  }
                },
                {
                  "name": "PolicyEnforcementFilter-1",
                  "type": "PolicyEnforcementFilter",
                  "config": {
                    "pepRealm": "/",
                    "application": "PEP-CDSSO",
                    "ssoTokenSubject": "${contexts.cdsso.token}",
                    "amService": "AmService-1"
                  }
                },
                {
                  "name": "HeaderFilter-InjectUserAttributes-1",
                  "type": "HeaderFilter",
                  "config": {
                    "messageType": "REQUEST",
                    "add": {
                      "email": [
                        "${contexts.policyDecision.attributes.mail[0]}"
                      ],
                      "uid": [
                        "${contexts.policyDecision.attributes.uid[0]}"
                      ],
                      "last": [
                        "${contexts.policyDecision.attributes.sn[0]}"
                      ]
                    }
                  }
                }
              ],
              "handler": "ClientHandler"
            }
          },
          "baseURI": "http://ip-XXX-XX-XX-XX.us-gov-west-1.compute.internal:8081"
        }
      ]
    }
  },
  "condition": "${matches(request.uri.path, '^/home/pep-cdsso')}"
}
```

    Now I don't expect my JWT cookie to have any values, but I do expect it to at least show up on the sample app landing page. I can run an echo $KEYSTORE__SECRET_ID and $JWTSESSION_SIGNATURE_SECRET_ID and it returns the correct base64 value, so I don't think that is wrong. I created a secrets directory, but I am not sure if that is the correct method or location. When I created my keystore I used the following command:

```shell
keytool \
  -genkey \
  -alias jwe-key \
  -keyalg rsa \
  -keystore /home/jetty/.openig/secrets/jwtsessionkeystore.pkcs12 \
  -storepass password \
  -keypass password \
  -dname "CN=ip-XXX-XX-XX-XX.us-gov-west-1.compute.internal,O=Example Corp"
```

    I am just hoping that someone can provide some insight into what I am doing wrong.

    • This topic was modified 2 months, 2 weeks ago by reeprice.
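An added check, not from the post or from ForgeRock IG, that walks the secrets section of a route laid out like the one above and reports where each secret the JwtSession needs would be served from. It assumes that env-backed secrets are resolved by a SystemAndEnvSecretStore and that such a store derives the environment variable name by upper-casing the secret ID and turning dots into underscores; the embedded route is a constructed, trimmed copy of the posted one.

```python
import json
import os

# Constructed, trimmed copy of the posted route: only the parts this check reads.
ROUTE_JSON = """{
  "secrets": {"stores": [{
    "name": "KeyStoreSecretStore", "type": "KeyStoreSecretStore",
    "config": {"file": "/home/jetty/.openig/secrets/jwtsessionkeystore.pkcs12",
               "storePassword": "keystore.secret.id",
               "mappings": [{"secretId": "jwtsession.encryption.secret.id",
                             "aliases": ["jwe-key"]}]}}]},
  "session": {"type": "JwtSession", "config": {
    "encryptionSecretId": "jwtsession.encryption.secret.id",
    "signatureSecretId": "jwtsession.signature.secret.id"}}
}"""


def env_var_for(secret_id):
    """Environment variable name a SystemAndEnvSecretStore would look up for a
    secret ID (assumption: upper-case, each dot becomes one underscore)."""
    return secret_id.upper().replace(".", "_")


def check_secrets(route, environ):
    """Map every secret ID the route needs to its source: 'keystore:<alias>',
    'env:<VAR>', or 'UNRESOLVED' when neither the keystore mappings nor the
    environment can supply it."""
    keystore_aliases, needed = {}, []
    for store in route.get("secrets", {}).get("stores", []):
        cfg = store.get("config", {})
        if store.get("type") == "KeyStoreSecretStore":
            needed.append(cfg["storePassword"])  # the store password is itself a secret
            for mapping in cfg.get("mappings", []):
                keystore_aliases[mapping["secretId"]] = mapping["aliases"][0]
    session = route.get("session", {})
    if session.get("type") == "JwtSession":
        for key in ("encryptionSecretId", "signatureSecretId"):
            if key in session.get("config", {}):
                needed.append(session["config"][key])
    result = {}
    for sid in needed:
        if sid in keystore_aliases:
            result[sid] = "keystore:" + keystore_aliases[sid]
        elif env_var_for(sid) in environ:
            result[sid] = "env:" + env_var_for(sid)
        else:
            result[sid] = "UNRESOLVED"
    return result


def lint_posted_route(environ=os.environ):
    return check_secrets(json.loads(ROUTE_JSON), environ)


if __name__ == "__main__":
    for sid, source in lint_posted_route().items():
        print(f"{sid}: {source}")
```

Run with the variables the post exports (KEYSTORE__SECRET_ID, with two underscores, and JWTSESSION_SIGNATURE_SECRET_ID): the signature secret resolves from the environment, the encryption secret from the jwe-key alias, and keystore.secret.id stays unresolved because the derived name is KEYSTORE_SECRET_ID.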

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
