Comment: Published by Scroll Versions from space DTPDEVEL and version 2024.1

You can configure DTP to be able to authenticate via JWT Access Token for OAuth 2.0 in addition to the standard login procedure, allowing CAC/PIV card users to open a browser to DTP and authenticate automatically. In the event that authentication via JWT Access Token fails for any reason, the user will be taken to the standard login screen where they can log in with their username and password.

You can configure License Server to be able to authenticate via JWT Access Token for OAuth 2.0 in addition to the standard login procedure, allowing CAC/PIV card users to open a browser to License Server and authenticate automatically. In the event that authentication via JWT Access Token fails for any reason, the user will be taken to the standard login screen where they can log in with their username and password.

To set this up, follow the directions below.

...

To enable authentication via JWT Access Token for OAuth 2.0, add the following JVM argument to the <DTP_INSTALLDIR>/bin/variables file as appropriate for your OS.

...

DTP_JAVA_OPTS=-Dcom.parasoft.oauth2.jwks.uri=<JWKS endpoint>

To enable authentication via JWT Access Token for OAuth 2.0, follow the directions below appropriate for your distribution.

Self-deployed distribution on Linux

Modify <LSS_INSTALLDIR>/app/setVars.sh by adding the following line:

JAVA_OPTS=-Dcom.parasoft.oauth2.jwks.uri=<JWKS endpoint>

Self-deployed distribution on Windows

...


JAVA_OPTS=-Dcom.parasoft.oauth2.jwks.uri=<JWKS endpoint>

Web-archive (war) distribution

Add the following to your JVM arguments:

-Dcom.parasoft.oauth2.jwks.uri=<JWKS endpoint>

...


When enabled, DTP uses mappings defined in the oidc.json file to extract usernames from JWT access tokens. Note that these usernames must also be present in User Administration in order for authentication via JWT to work correctly.

When enabled, License Server uses mappings defined in the oidc.json file to extract usernames from JWT access tokens. Note that these usernames must also be present in User Administration in order for authentication via JWT to work correctly.

Open the oidc.json file located in the <DTP_DATA_DIR>/conf directory to configure usernames.

...

The default value for the claimMappings > username attribute is preferred_username. Change this value if the username in the JWT access token is mapped to a different element name. The other attributes in this file are ignored when authentication via JWT access token is enabled, so you do not need to set them.

Save your changes and restart DTP services after configuring the file.

Save your changes and restart License Server services after configuring the file.
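To see which claim an identity provider's access token actually carries before changing claimMappings > username, the token payload can be decoded offline. This is an added example, not Parasoft code: the nested claimMappings/username shape is assumed from the attribute path named above, and the function names, sample token and claim values are constructed for illustration.

```python
import base64
import json

DEFAULT_CLAIM = "preferred_username"  # default stated on this page


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_username_mapping(token: str, oidc_config: dict) -> dict:
    """Report which username the configured claim would yield for this token.

    Diagnostic only: the signature is NOT verified here. The server does
    that against the keys published at the configured JWKS endpoint.
    """
    claim = oidc_config.get("claimMappings", {}).get("username", DEFAULT_CLAIM)
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = json.loads(_b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    value = payload.get(claim)
    username = value if isinstance(value, str) and value else None
    # String-valued claims are the candidates for claimMappings > username.
    candidates = sorted(k for k, v in payload.items() if isinstance(v, str))
    return {"claim": claim, "username": username, "candidates": candidates}


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token (placeholder signature segment).
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
    segs = [_b64url_encode(json.dumps(o).encode()) for o in (header, claims)]
    return ".".join(segs + ["c2lnbmF0dXJl"])


if __name__ == "__main__":
    # Constructed claims: this token carries "upn" but no preferred_username.
    token = make_sample_token({"iss": "https://idp.example.com", "upn": "jdoe"})
    print(check_username_mapping(token, {"claimMappings": {}}))
    print(check_username_mapping(token, {"claimMappings": {"username": "upn"}}))
```

A result with username set to None means the configured claim is absent from the token, so the mapping needs to name one of the listed candidates that matches an account in User Administration.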

Using APIs in JWT Token Mode


To access DTP or Enterprise Pack APIs when DTP is in JWT token mode, pass an access token to the API endpoint in the request header using the Authorization header.

To access License Server or Enterprise Pack APIs when License Server is in JWT token mode, pass an access token to the API endpoint in the request header using the Authorization header.

The token is passed using the following format:

...

In the following example, a token with the value "1234567890" is passed to the DTP build API endpoint.

...