Enabling asymmetric encryption

Bearer token authentication for Cloud API uses asymmetric encryption. To verify a given JWT, BillingCenter executes an asymmetric public key lookup. Periodically, BillingCenter must request the keys used in these lookups from Guidewire Hub.

When you register BillingCenter with Guidewire Hub, you are given an auth server URI and a tenant ID. For BillingCenter to be able to request keys from Guidewire Hub, you must add the auth server URI to your BillingCenter instance.

Failing to enable asymmetric encryption

If you do not enable asymmetric encryption, then calls that attempt to use bearer token authentication will be rejected with a message similar to the following:
JWT verification failed: Encountered JWT issuer '<URL>' that has not been configured in 
        'allowedIssuers' by the SignatureKeyProviderPlugin. Allowed issuers are []
Java

Enable asymmetric encryption

About this task

Before you can complete this task, you must have the issuer URI. This value is supplied to you by Guidewire Cloud Operations.

The following steps identify how to complete this task in your instance of BillingCenter. It may also be possible to complete this task by storing the authServerUri in Guidewire Cloud Property Services. For more information, talk to your Guidewire representative.

Note: The auth server URI is used by the SignatureKeyProviderPluginV1 plugin. In the base configuration, the plugin registry reads the value from the BillingCenterconfig.properties file. Therefore, these instructions indicate how to modify the value in the properties file. If you have modified your configuration to read the value from other locations, then you will need to change the value in those locations as needed.

Procedure

  1. In Guidewire Studio, navigate to configuration > config, and open config.properties.
  2. Add the following line to the file. (Note that this line may already be in the file as a comment. If so, you can simply uncomment the line.) plugin.signaturekeyprovider.allowedissuers =
  3. Set the value of the allowedissuers properties to the value of the authServerUri provided to you by Guidewire.
  4. Restart the application.