Agent Portal authentication

OAuth is an authorization framework that enables the Agent Portal to obtain limited access to an HTTP service.

Before you begin

The system must be configured to use multi-factor authentication (MFA).

Procedure

  1. Configure the public and private key paths in jwt-settings.xml for local environments and in config.properties for each deployment environment.

    Example:

    <JWTSettings>
        <Param Name="TokenIssuer" Value="Guidewire Software Inc." />
        <Param Name="PublicKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/public.pem" />
        <Param Name="PrivateKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/private_pkcs8.der" />
        <Param Name="UserNameClaimMapping" Value="sub" />
    </JWTSettings>
  2. Configure clients in web/APP-INF/mda/oauth/clients.xml. A client must be configured for each client application that uses OAuth.

    Option: Description

    ClientId
      A value that uniquely identifies the client.
      Note: Only public clients are supported.

    GrantTypes
      Comma-separated list of grant types allowed for the client, including:
      • Authorization Code
      • Implicit

    AccessTokenExpirationTime
      Expiration time of the access token in minutes. When the token expires, the user is forced to log in again to obtain a new token.
      Note: Refresh tokens are not supported.

    RedirectUris
      Comma-separated list of allowed redirection URIs for the client.
      • The redirection endpoint URI must be an absolute URI as defined by [RFC3986] Section 4.3.
      • The endpoint URI may include an "application/x-www-form-urlencoded" formatted query component, which must be retained when adding additional query parameters.
      • The endpoint URI must not include a fragment component.
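The three RedirectUris rules above, as an added Python example (not Guidewire's code): it checks each comma-separated URI for the absolute-URI and no-fragment rules, matches an incoming redirect_uri against the configured list by exact string comparison, and appends authorization-response parameters while retaining an existing query component. The URIs are constructed sample values.

```python
from __future__ import annotations
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

def parse_redirect_uris(value: str) -> list[str]:
    """Split the comma-separated RedirectUris option into individual URIs."""
    return [uri.strip() for uri in value.split(",") if uri.strip()]

def validate_redirect_uri(uri: str) -> list[str]:
    """Return the rules the URI breaks (an empty list means it is acceptable)."""
    problems = []
    parts = urlsplit(uri)
    # Rule 1: an absolute URI (RFC 3986 section 4.3) has a scheme and an authority.
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URI")
    # Rule 3: no fragment component; in a URI '#' only ever introduces a fragment.
    if "#" in uri:
        problems.append("fragment component not allowed")
    return problems

def validate_redirect_uris(value: str) -> dict[str, list[str]]:
    """Validate every URI configured for one client; keys are the offending URIs."""
    return {u: p for u in parse_redirect_uris(value) if (p := validate_redirect_uri(u))}

def is_registered(redirect_uri: str, configured: str) -> bool:
    """Match a redirect_uri request parameter by exact string comparison, never by prefix."""
    return redirect_uri in parse_redirect_uris(configured)

def add_response_params(uri: str, params: dict[str, str]) -> str:
    """Rule 2: append response parameters while keeping the URI's existing query component."""
    parts = urlsplit(uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))

# Constructed sample RedirectUris value (hypothetical hosts, not from any deployment).
SAMPLE_REDIRECT_URIS = (
    "https://agent.example.com/oauth/callback?env=dev, "
    "/oauth/callback, "
    "https://agent.example.com/oauth/callback#token"
)

if __name__ == "__main__":
    for uri, problems in validate_redirect_uris(SAMPLE_REDIRECT_URIS).items():
        print(f"rejected {uri}: {', '.join(problems)}")
    good = "https://agent.example.com/oauth/callback?env=dev"
    print(add_response_params(good, {"code": "AUTHCODE", "state": "s1"}))
```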