You can configure License Server to be able to authenticate via JWT Access Token for OAuth 2.0 in addition to the standard login procedure, allowing CAC/PIV card users can to open a browser to License Server and authenticate automatically. In the event that authentication via JWT Access Token for OAuth 2.0fails for any reason, the user will be taken to the standard login screen where they can log in with their username and password. To set this up, follow the directions below.

...

Self-deployed distribution on Linux

Modify the setVars.sh file in the <LSS_INSTALLDIR>INSTALL>/app/setVars.sh directory by adding the following line:

...

Self-deployed distribution on Windows

Modify the setVars.bat file in the <LSS_INSTALLDIR>INSTALL>/app/setVars.bat directory by adding the following line:

...

When enabled, License Server uses mappings defined in the oidc.json to  file to extract usernames from JWT access tokens.Open . Note that these usernames must also be present in User Administration in order for authentication via JWT to work correctly. Open the oidc.json file located in the <DTP_DATA_DIR>/conf directory to configure usernames. 

...

The default value for the claimMappings > username attribute is preferred_username.   Change this value if the username in the JWT access token is mapped to a different element name. The other attributes in this file are ignored when authentication via JWT access token is enabled, so you do not need to set them. Save your changes and restart License Server services after configuring the file.

Using APIs in JWT Token Mode

To access License Server or Enterprise Pack APIs when License Server is in JWT token mode, pass an access token to the API endpoint in the request header using the Authorization propertyheader. The token is passed using the following format:

...

You must pass the token for every API call, regardless of the method.