JWT Account

Account Settings

...

Field

Field Type

Description

Label*

Default Value: None
Example: JWT Account

String

Specify a unique label for the account.

JWT Issuer*

Default value: pipe.projectPath + '/' + pipe.label

String/Expression

Specify the principal entity that issues the JWT.

Token TTL (seconds)*

Default value: 3600
Example: 6000

Integer

Specify the duration (in seconds) for which the token will be valid.

Minimum value: 60

Secret type

Default Value:KeyStore
Example:Secret key

Dropdown list

Choose the Secret type. The available options are:

KeyStore
Secret key

Key Store

Default Value:None
Example: keystore.jks

String/Expression

Specify the location of the Key Store file, can be in SLDB, on the host machine that is hosting the JCC, or any other unauthenticated endpoint such as https.

KeyStore password

Default Value: None
Example:keystorepswd1

String

Appears when you select KeyStore for Secret type.

Specify the password for keystore. If the key associated with the alias has a password, that password should be the same as this KeyStore password.

Key Alias

Default Value: None
Example:mykeyalias

String/Suggestion

Appears when you select KeyStore for Secret type.

The alias of the secret key to use when signing token.

Secret key

Default Value: None
Example:secRETkey007!

String/Expression

Appears when you select Secret key for Secret type.

Specify the secret key to use to generate digital signatures.

This field allows pipeline parameters. When you select a secret key, a JWT token is generated, which must be verified using a JWT Validate Snap.

Troubleshooting

Error	Reason	Resolution
Error retrieving key for alias from KeyStore.	Either the configuration is invalid or the key alias is missing.	Verify that the KeyStore parameters in the account settings are accurate and that it contains the secret key associated with the specified alias.
Key store load error.	The KeyStore specified is incorrect.	Ensure the provided KeyStore password and type are correct and match the KeyStore requirements.

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.

High: KeyStore password
Medium + High: KeyStore password
Low + Medium + High: KeyStore password

Panel

Regarding KeyStore

There are multiple ways to specify the Key Store. It can be:

Located on SLFS (by uploading the Key Store file)
On the host machine that is hosting the JCC
On an accessible web location

To generate a Key Store file, one can use the keytool utility that comes packaged with JDKs. Here're some useful keytool commands:

To create a key store with an AES key

Code Block
keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg AES -keysize 256 -alias <key alias>

To create a key store with 512 bit key

Code Block
keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg HMACSHA1 -keysize 512 -alias <key alias>

To import keys from one key store to another

Code Block
keytool -importkeystore -srckeystore <src keystore file> -srcstoretype jceks -destkeystore <dest keystore file> -deststoretype jceks -deststorepass <dest store password>

To update the password for a key in a keystore

Code Block
keytool -storetype jceks -keypasswd -keystore <keystore file> -alias <key alias> -keypass <old key password> -new <new key password>

To list keys in a key store file

Code Block
keytool -list -v -storetype jceks -keystore <keystore file>

Insert excerpt

	JWT Snap Pack
	JWT Snap Pack
nopanel	true

Version	Old Version 22	New Version Current
Changes made by	Kalpana Malladi	Kalpana Malladi
Saved on	Apr 05, 2024	Apr 05, 2024

Page Comparison

Versions Compared

Key

JWT Account

Account Settings

Troubleshooting

Account Encryption