Jwt Problem

Hello
I have a REST API developed in Integration Server and want to expose them safely through a JWT Token.
I have the following JWT configuration:



The token is not being signed, so I don’t have any configuration in Issuer Configuration.
I am generating the following token:
{
“iss”: “TEST_JWT”,
“iat”: 1637753964,
“exp”: 1669376364,
“aud”: “http://localhost:5555/”,
“sub”: “Administrator”
}

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJURVNUX0pXVCIsImlhdCI6MTYzNzc1Mzk2NCwiZXhwIjoxNjY5Mzc2MzY0LCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjU1NTUvIiwic3ViIjoiQWRtaW5pc3RyYXRvciJ9.YAFJT8yinxdeDBXWgblwxUUNVJ9BIn8xLkEP8S-bMWQ

But when I run from the Postman the call always gives me the following error:
2021-11-24 13:43:12 CET [ISS.0012.0012W] Authentication of user “bearer” failed with exception: [ISS.0010.8044] Integration Server rejected the request to access this resource. The access token is either invalid or expired…

Can someone tell me that I am missing configuration.
Thank you

Hi @bsfl79 ,
A few points

  • IS doesn’t support unsigned JWTs - however from your JWT which has three parts , the part beginning with YAFJ seems like the signature
  • Please configure the Issuer → Certificate Mapping in the Issuer Configuration , The Trusted Issuer TEST_JWT needs to map to a truststore in IS.
  • Could you also provide details of the URL you are invoking with postman? Are you sending the token via a HTTP header with key - Authorization and value - Bearer

-NP

HI @Nagendra_Prasad_A_R
According to the documentation if it supports unsigned JWT. I add capture of the documentation

This is the request

This is strange, could you try configuring the issuer-certificate mapping and then try.
You can also get more information on the failure in the server logs, you can also set the Facility for JWT to trace in the server logging configuration and check.

I am also facing the similar issue with 10.3. Have followed the documentation but no luck. Do you have a step by step guide for setting it up.

Hi @Manoj_Verma .
You need to
Server side

  1. Create a trusted issuer ,
  2. Create a issuer-certificate mapping to point to the truststore of the issuer of the JWT.
  3. Optional - Configure the audience in the global settings.

Client side

  1. Get a JWT token
  2. Pass the token in a request with header Authorization set to "Bearer "

Edit: Added notes :
Note: The audience if specified in the JWT must match with the audience configured in IS Admin. The subject claim must be a valid IS user. The issuer claim must be valid trusted issuer.

The statement “Integration Server supports unsigned JWTs seems incorrect”. Please use signed JWTs only and check if it works for you. Chapter 18 from the Integration Server administrator guide has screenshots as well.
The guide is at .https://documentation.softwareag.com/webmethods/integration_server/pie10-5/10-5_Integration_Server_Administrators_Guide.pdf

NP