JWT

Overview

Generate and validate JSON Web Tokens for use in integrating and authenticating with external systems, using a JWKS registry to get public keys for token signature validation. The create token functions support encrypted private keys in either the PKCS#1 or PKCS#8 standard.

Key Features & Functionality

  • createtoken (Function) - create a signed JSON web token with standard claims.
  • createtokenwithcustomclaims (Function) - create a signed JSON web token with standard claims and additional custom claims that may be required for authentication with specific systems.
  • validatejwtsignature (Function) - Verify a received token against the issuing system's public key. Supports tokens signed with the RSA256 and RSA512 algorithms. Returns true if the token was verified.
  • decodeJWT (Function) - Given a JWKS registry URL and a token, retrieve the proper public key and validate the given token, returning a string with the decoded token if the signature is valid, null otherwise.
  • createDocuSignRSAJWTToken (Function) - Generates a JWT that conforms to the specs of DocuSign.
Anonymous
  • Hello

    I have a JWKS repository with mutual authentication (mTLS).
    I imported a client certificate in "Client Certificates" of the admin console (docs.appian.com/.../Appian_Administration_Console.html).
    It is now OK from a standard Appian integration object; I can get the list of certificates.

    But with the JWT plugin, I have this error:

    Caused by: com.auth0.jwk.NetworkException: Cannot obtain jwks from url https://XXXXX/oauth2/v1/keys
    at com.auth0.jwk.UrlJwkProvider.getJwks(UrlJwkProvider.java:139)
    at com.auth0.jwk.UrlJwkProvider.getAll(UrlJwkProvider.java:145)
    at com.auth0.jwk.UrlJwkProvider.get(UrlJwkProvider.java:163)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:43)
    at com.appiancorp.cs.plugins.jwtTools.jwt.InvalidableCache$2.call(InvalidableCache.java:38)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4876)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
    ... 262 more
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


    It looks like mTLS is not managed by the plugin (handshake_failure)
    Can you confirm this and is it possible to upgrade the plugin?
