How to map JWT token to specific REST service in webMethods IS

Mubarik · December 6, 2022, 3:55pm

Hello Community
I am trying to explore & learn JWT configuration in webMethods IS. Looking at AG documentation, I was able to configure and generate JWT token using built-in jwt specific services.

Following is high level sequence of steps I performed:

I configured Trusted Issuer in IS
I mapped issuer to corresponding TrustStore , KeyStore and Certificate alias etc
I did set Audience = “http://localhost:5555/restv2/” in Global Claim Settings section
I generated JWT token using built-in service by specifying appropriate params

After performing above steps, I tried to invoke a REST service hosted on IS (actually a flow service exposed as REST) by using PostmanUI (specified JWT token as bearer token) and the JWT authentication took place successfully in IS.

However I am not sure how I can map a specific JWT token to any specific REST resource. For example if I have 2 different REST services hosted in IS and I want to use two different JWT tokens (one jwt token for each REST service) then how can I do that in webMethdos IS?

I know in case of OAuth token, we can achieve this by using different scopes for different services but I am not sure how we can map different JWT tokens to different REST services in IS?

Can some one in community please comment/guide me on this one? Can we map different JWT tokens to different services in IS?

Thanks

Nagendra_Prasad · December 6, 2022, 5:10pm

If I understand correctly, you are looking to restrict access for a service/set of services for a particular user or a subject in a claim. A JWT token cannot be mapped to a particular service.

As an alternative, you could try defining a new ACL. Then create a group and link it to the ACL. Connect the ACL to a service by setting executeACL of a service to this new ACL.
Any user present in this group would have access to those folder/set of services. This user can be the sub claim in the JWT that you have generated.

Hope this makes sense to your use case, if not do reach out.

-NP

Mubarik · December 6, 2022, 6:30pm

Thanks Nagendra. Your suggestion sounds practical. I’ll try it out and revert with my findings

Nagendra_Prasad · December 7, 2022, 2:28am

Sure, there are differences between the way OAuth and JWT works, getting the exact pattern might not be always possible and the security implications will be different too.
Best to evaluate and proceed.

-NP

system · June 5, 2023, 2:28am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Validate JWT Configuration on IS webMethods , Integration-Server-and-ESB , REST , authentication , security , JWT	5	1222	June 2, 2023
How to pass token in Authorization header and skip Integration server authentication and invoke the flow service. Currently facing Error: Integration Server rejected the request to access this resource webMethods , API-Gateway	10	1465	March 19, 2024
Bearer Token Interpretation/Inspection webMethods , Service-Designer , Integration-Server-and-ESB	12	1320	January 7, 2024
REST with JWT webMethods , Integration-Server-and-ESB	2	876	April 2, 2021
Access Rest with JWT token webMethods , Integration-Server , Integration-Server-and-ESB , IS , JWT , JWT-Token	2	1065	June 2, 2023

How to map JWT token to specific REST service in webMethods IS

Related Topics