Configuring JWT Accounts
On this Page
You can create an account from Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:
Your private project folder: This folder contains the pipelines that will use the account.
Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.
Account Configuration
In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:
Click Create, then select JWT, then JWT Account.
Supply an account label.
Supply the necessary information.
(Optional) Supply additional information on this account in the Notes field of the Info tab.
Click Apply.
Account Types
JWT Account
Account Settings
Field | Field Type | Description | |
---|---|---|---|
Label* Default Value: None | String | Specify a unique label for the account. | |
JWT Issuer*
| String/Expression | Specify the principal entity that issues the JWT.
| |
Token TTL (seconds)*
| Integer | Specify the duration (in seconds) for which the token will be valid. Minimum value: 60
| |
Secret type Default Value: KeyStore | Dropdown list | Choose the Secret type. The available options are:
| |
Key Store
Default Value: None | String/Expression | Specify the location of the Key Store file, can be in SLDB, on the host machine that is hosting the JCC, or any other unauthenticated endpoint such as | |
KeyStore password
Default Value: None | String | Appears when you select KeyStore for Secret type. Specify the password for keystore. If the key associated with the alias has a password, that password should be the same as this KeyStore password. | |
Key Alias Default Value: None | String/Suggestion | Appears when you select KeyStore for Secret type. The alias of the secret key to use when signing token.
| |
Secret key
| String/Expression | Appears when you select Secret key for Secret type. Specify the secret key to use to generate digital signatures. This field allows pipeline parameters. When you select a secret key, a JWT token is generated, which must be verified using a JWT Validate Snap. |
Troubleshooting
Error | Reason | Resolution |
---|---|---|
Error retrieving key for alias from KeyStore. | Either the configuration is invalid or the key alias is missing. | Verify that the KeyStore parameters in the account settings are accurate and that it contains the secret key associated with the specified alias. |
Key store load error. | The KeyStore specified is incorrect. | Ensure the provided KeyStore password and type are correct and match the KeyStore requirements. |
Account Encryption
Standard Encryption | If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed. | |
---|---|---|
Enhanced Encryption | If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.
|
Regarding KeyStore
There are multiple ways to specify the Key Store. It can be:
Located on SLFS (by uploading the Key Store file)
On the host machine that is hosting the JCC
On an accessible web location
To generate a Key Store file, one can use the keytool utility that comes packaged with JDKs. Here're some useful keytool commands:
To create a key store with an AES key
keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg AES -keysize 256 -alias <key alias>
To create a key store with 512 bit key
keytool -genseckey -keystore <keystore file name> -storetype jceks -storepass <store password> -keyalg HMACSHA1 -keysize 512 -alias <key alias>
To import keys from one key store to another
keytool -importkeystore -srckeystore <src keystore file> -srcstoretype jceks -destkeystore <dest keystore file> -deststoretype jceks -deststorepass <dest store password>
To update the password for a key in a keystore
To list keys in a key store file
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.