Consumer Sales Portal authentication
The Consumer Sales Portal uses a JWT from Okta to authenticate with InsuranceNow. JWT client authentication requires that the Guidewire Cloud team registers the application with the Guidewire Identity Federation Hub and that InsuranceNow is configured with the required settings and credentials to request and receive a JWT from Okta.
The following steps describe how consumer sales portals authenticate with InsuranceNow:
- The portal submits a request to the POST /clients/{clientId}/sessions API endpoint.
- InsuranceNow requests an Okta-issued JWT token.
- InsuranceNow includes the Okta-issued JWT token in the API response.
- The portal includes the Okta-issued JWT token with each subsequent API request for that session.
- InsuranceNow validates the Okta-issued JWT token prior to executing each API request.
Configure Consumer Sales Portal authentication
Configure the local and deployment-specific settings for Consumer Sales Portal authentication.
Procedure
- Configure the following parameters in web/APP-INF/mda/jwt/jwt-client-settings.xml to provide details for the JWT token request:

  | Parameter | Description |
  | --- | --- |
  | CustomerId | The name of the application used within InsuranceNow. For example, ConsumerSalesPortal. |
  | ClientId | Client identifier provided by the Guidewire Cloud team. This ID is used to communicate with Guidewire Hub. |
  | ClientSecret | Client secret provided by the Guidewire Cloud team. This secret provides authorization for the client associated with the ClientId. |
  | IN_UserName | The user name associated with the JWT token. In general, the DirectPortal user is used for consumer portal access. |
- Configure the following parameters in web/APP-INF/mda/jwt/okta-httpclient-settings.xml:

  | Parameter | Description |
  | --- | --- |
  | ClientId | Client identifier provided by the Guidewire Cloud team. This information is provided in the application registration response. |
  | Grant_Type | Enter CLIENT_CREDENTIALS. |
  | Scope | The scope associated with the application. For example, inow-consumerportal-api.consumer. |
  | AuthServerUri | The authorization server to request and decode JWT tokens. This information is provided in the application registration response. |
  | Content-Type | Enter application/x-www-form-urlencoded to identify the API content type. |
  | JWKUrl | Endpoint URL to fetch the public key. The public key is used to decode the JWT token. The format is <AuthServerUri>/v1/keys. |
  | Issuer | URL that identifies the issuer of the token. |
- For each deployment environment, configure the following parameters in the JWT client section of config.properties:

  | Parameter | Description |
  | --- | --- |
  | JWT_CUSTOMER_ID | The name of the application used within InsuranceNow. For example, ConsumerSalesPortal. |
  | JWT_CLIENT_ID | Client identifier provided by the Guidewire Cloud team. This ID is used to communicate with Guidewire Hub. |
  | JWT_CLIENT_SECRET | Client secret provided by the Guidewire Cloud team. This secret provides authorization for the client associated with the ClientId. |
  | JWT_IN_USERNAME | The user name associated with the JWT token. In general, the DirectPortal user is used for consumer portal access. |

- For each deployment environment, configure the following parameters in the OKTA client settings section of config.properties:

  | Parameter | Description |
  | --- | --- |
  | OKTA_CLIENT_ID | Client identifier provided by the Guidewire Cloud team. This information is provided in the application registration response. |
  | OKTA_GRANT_TYPE | Enter CLIENT_CREDENTIALS. |
  | OKTA_SCOPE | The scope associated with the application. For example, inow-consumerportal-api.consumer. |
  | OKTA_AUTH_SERVER_URI | The authorization server to request and decode JWT tokens. This information is provided in the application registration response. |
  | OKTA_CONTENT_TYPE | Enter application/x-www-form-urlencoded to identify the API content type. |
  | OKTA_JWK_URL | Endpoint URL to fetch the public key. The public key is used to decode the JWT token. The format is <AuthServerUri>/v1/keys. |
  | OKTA_ISSUER | URL that identifies the issuer of the token. |