Agent Portal authentication
OAuth is an authorization framework that enables the Agent Portal to obtain limited access to an HTTP service.
Before you begin
Procedure
- You need to configure the public and private key paths in
  jwt-settings.xml for your local development workspace and in
  config.properties for each of your planets.
Example:
<JWTSettings>
  <Param Name="TokenIssuer" Value="Guidewire Software Inc." />
  <Param Name="PublicKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/public.pem" />
  <Param Name="PrivateKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/private_pkcs8.der" />
  <Param Name="UserNameClaimMapping" Value="sub" />
</JWTSettings>
- Configure clients in web/APP-INF/mda/oauth/clients.xml. A client
  must be configured for each client application using OAuth.
Option: Description

ClientId: This must be set to some value which uniquely identifies the client.
  Note: Only public clients are supported.

GrantTypes: Comma-separated list of grant types allowed for the client, including:
  - Authorization Code
  - Implicit

AccessTokenExpirationTime: Expiration time of the access token in minutes. When the token expires, the user will be forced to log in again to get a new token.
  Note: Refresh tokens are not supported.

RedirectUris: Comma-separated list of allowed redirection URIs for the client.
  - The redirection endpoint URI must be an absolute URI as defined by [RFC3986] Section 4.3.
  - The endpoint URI may include an "application/x-www-form-urlencoded" formatted
    query component, which must be retained when adding additional query
    parameters.
  - See Appendix B and [RFC3986] Section 3.4 for more details.
  - The endpoint URI must not include a fragment component.
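
A pre-flight check for RedirectUris values against the rules listed above, as an added example that is not Guidewire code. The function names, the sample URIs and the exact-match comparison are assumptions; the page does not state how the server compares a requested URI with the registered ones.

```python
from urllib.parse import urlsplit, urlencode

# Constructed sample of a comma-separated RedirectUris value (not from the product docs).
SAMPLE_REDIRECT_URIS = (
    "https://portal.example.com/callback?tenant=a, "
    "https://portal.example.com/cb#done, "
    "/relative/cb, "
    "com.example.agent:/oauth"
)

def split_redirect_uris(value):
    """Split the comma-separated list into individual URIs."""
    return [u.strip() for u in value.split(",") if u.strip()]

def check_redirect_uri(uri):
    """Return the rule violations for one entry; an empty list means acceptable."""
    problems = []
    try:
        parts = urlsplit(uri)
    except ValueError as exc:
        return [f"unparseable: {exc}"]
    # Absolute URI (RFC 3986 section 4.3): a scheme is mandatory.
    if not parts.scheme:
        problems.append("not absolute: missing scheme")
    elif parts.scheme in ("http", "https") and not parts.netloc:
        problems.append("not absolute: missing host")
    # Even an empty fragment ("...#") counts, so test the raw string.
    if "#" in uri:
        problems.append("contains a fragment component")
    return problems

def is_registered(requested, registered):
    """Assumption: exact string match, no prefix or wildcard comparison."""
    return requested in registered

def build_redirect(registered_uri, params):
    """Append response parameters, keeping the registered query untouched."""
    parts = urlsplit(registered_uri)
    extra = urlencode(params)
    query = f"{parts.query}&{extra}" if parts.query else extra
    return parts._replace(query=query, fragment="").geturl()

if __name__ == "__main__":
    for uri in split_redirect_uris(SAMPLE_REDIRECT_URIS):
        print(uri, "->", check_redirect_uri(uri) or "ok")
```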