Agent Portal authentication

OAuth is an authorization framework that enables the Agent portal to obtain limited access to an HTTP service.

Before you begin

The system must be configured to use multi-factor authentication (MFA).

Procedure

  1. Configure the public and private key paths in jwt-settings.xml for your local development workspace, and in config.properties for each of your planets.

    Example:

    <JWTSettings>
        <Param Name="TokenIssuer" Value="Guidewire Software Inc." />
        <Param Name="PublicKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/public.pem" />
        <Param Name="PrivateKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/private_pkcs8.der" />
        <Param Name="UserNameClaimMapping" Value="sub" />
    </JWTSettings>
  2. Configure clients in web/APP-INF/mda/oauth/clients.xml. A client must be configured for each client application using OAuth.
    Option                     Description

    ClientId                   Must be set to a value that uniquely identifies the client.
                               Note: Only public clients are supported.

    GrantTypes                 Comma-separated list of grant types allowed for the client, including:
                               • Authorization Code
                               • Implicit

    AccessTokenExpirationTime  Expiration time of the access token in minutes. When the token expires, the user must log in again to get a new token.
                               Note: Refresh tokens are not supported.

    RedirectUris               Comma-separated list of allowed redirect URIs for the client.
                               • The redirection endpoint URI must be an absolute URI as defined by [RFC3986] Section 4.3.
                               • The endpoint URI can include an "application/x-www-form-urlencoded" formatted query component, which must be retained when adding additional query parameters.
                               • The endpoint URI must not include a fragment component.
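The following script is an added example, not Guidewire code, that checks the two configuration steps above before they are deployed: it parses a JWTSettings fragment of the shape shown in step 1 (expanding the ${SPI.getPrefsDir()} placeholder and verifying that the referenced key files exist and look like PEM and DER respectively), and it validates a client definition against the rules listed for clients.xml in step 2 (client ID present, only the listed grant types, a positive expiration time, and redirect URIs that are absolute, fragment-free and carry only a form-urlencoded query). The element layout of clients.xml is not shown on the page, so a client is represented as a plain dict of option name to value; the client values, key file contents and temporary directory are constructed for the demonstration.

```python
"""Configuration sanity checks for the JWT settings and OAuth client options
described above (added example, not Guidewire code)."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Copy of the step-1 example fragment; the key files it points to are created below.
JWT_SETTINGS_XML = """<JWTSettings>
    <Param Name="TokenIssuer" Value="Guidewire Software Inc." />
    <Param Name="PublicKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/public.pem" />
    <Param Name="PrivateKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/private_pkcs8.der" />
    <Param Name="UserNameClaimMapping" Value="sub" />
</JWTSettings>"""

# The only grant types the page lists as supported.
SUPPORTED_GRANT_TYPES = {"Authorization Code", "Implicit"}

# application/x-www-form-urlencoded query: name=value pairs joined by '&', where
# names and values consist of unreserved characters, '+' or %XX escapes.
_TOKEN = r"(?:[A-Za-z0-9*._-]|\+|%[0-9A-Fa-f]{2})"
_FORM_QUERY = re.compile(rf"{_TOKEN}+={_TOKEN}*(?:&{_TOKEN}+={_TOKEN}*)*")

# Constructed client definitions (hypothetical values; clients.xml layout is an assumption).
GOOD_CLIENT = {
    "ClientId": "agent-portal",
    "GrantTypes": "Authorization Code",
    "AccessTokenExpirationTime": 30,
    "RedirectUris": "https://portal.example.com/oauth/callback?app=agent",
}
BAD_CLIENT = {
    "ClientId": "",
    "GrantTypes": "Authorization Code, Client Credentials",
    "AccessTokenExpirationTime": 0,
    "RedirectUris": "/cb, https://portal.example.com/cb#fragment",
}


def parse_jwt_settings(xml_text, prefs_dir):
    """Return Param Name -> Value, with ${SPI.getPrefsDir()} expanded to prefs_dir."""
    root = ET.fromstring(xml_text)
    return {p.get("Name"): p.get("Value", "").replace("${SPI.getPrefsDir()}", prefs_dir)
            for p in root.findall("Param")}


def check_jwt_settings(params):
    """Return a list of problems; an empty list means the settings look usable."""
    problems = []
    for key in ("TokenIssuer", "PublicKeyPath", "PrivateKeyPath", "UserNameClaimMapping"):
        if not params.get(key):
            problems.append(f"{key} missing or empty")
    pub, priv = params.get("PublicKeyPath", ""), params.get("PrivateKeyPath", "")
    if not os.path.isfile(pub):
        problems.append(f"public key not found: {pub}")
    else:
        with open(pub, "rb") as f:  # public.pem should be a PEM "PUBLIC KEY" block
            if not f.read(64).startswith(b"-----BEGIN PUBLIC KEY-----"):
                problems.append("public key is not a PEM PUBLIC KEY block")
    if not os.path.isfile(priv):
        problems.append(f"private key not found: {priv}")
    else:
        with open(priv, "rb") as f:  # a DER PKCS#8 file starts with an ASN.1 SEQUENCE tag
            if f.read(1) != b"\x30":
                problems.append("private key does not look like DER (no leading SEQUENCE tag)")
    return problems


def check_redirect_uri(uri):
    """Apply the three redirect URI rules from the RedirectUris option."""
    problems = []
    parts = urlsplit(uri)
    if not parts.scheme or not (parts.netloc or parts.path):  # RFC 3986 section 4.3
        problems.append("not an absolute URI")
    if parts.fragment or "#" in uri:
        problems.append("must not include a fragment component")
    if parts.query and not _FORM_QUERY.fullmatch(parts.query):
        problems.append("query component is not application/x-www-form-urlencoded")
    return problems


def check_client(client):
    """Validate one client definition against the option rules; returns a list of problems."""
    problems = []
    if not client.get("ClientId"):
        problems.append("ClientId must be set")
    grants = [g.strip() for g in str(client.get("GrantTypes", "")).split(",") if g.strip()]
    if not grants:
        problems.append("GrantTypes is empty")
    problems.extend(f"unsupported grant type: {g}" for g in grants if g not in SUPPORTED_GRANT_TYPES)
    try:
        minutes = int(client.get("AccessTokenExpirationTime"))
    except (TypeError, ValueError):
        minutes = 0
    if minutes <= 0:
        problems.append("AccessTokenExpirationTime must be a positive number of minutes")
    uris = [u.strip() for u in str(client.get("RedirectUris", "")).split(",") if u.strip()]
    if not uris:
        problems.append("RedirectUris is empty")
    for u in uris:
        problems.extend(f"{u}: {p}" for p in check_redirect_uri(u))
    return problems


def demo_jwt_settings():
    """Constructed run: writes placeholder key files into a temp dir and checks the settings."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "mda", "jwt"))
        with open(os.path.join(d, "mda", "jwt", "public.pem"), "wb") as f:
            f.write(b"-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n")
        with open(os.path.join(d, "mda", "jwt", "private_pkcs8.der"), "wb") as f:
            f.write(b"\x30\x00")  # placeholder empty DER SEQUENCE, not a real key
        return check_jwt_settings(parse_jwt_settings(JWT_SETTINGS_XML, os.path.join(d, "")))


if __name__ == "__main__":
    print("jwt settings:", demo_jwt_settings() or "ok")
    print("good client:", check_client(GOOD_CLIENT) or "ok")
    print("bad client:", check_client(BAD_CLIENT))
```

The redirect URI check deliberately rejects any "#" rather than only a non-empty fragment, since a trailing "#" is still a fragment component under RFC 3986; the PEM and DER checks are header-only sanity checks and do not replace loading the keys with a real crypto library.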