Enabling asymmetric encryption

Bearer token authentication for Cloud API uses asymmetric encryption. To verify a given JWT, PolicyCenter executes an asymmetric public key lookup. Periodically, PolicyCenter must request the keys used in these lookups from Guidewire Hub.

When you register PolicyCenter with Guidewire Hub, you are given an auth server URI and a tenant ID. For PolicyCenter to be able to request keys from Guidewire Hub, you must store the auth server URI and the tenant ID in certain plugin registries.

Enable asymmetric encryption

About this task

Before you can complete this task, you must register PolicyCenter with Guidewire Hub. You will need the authServerUri value provided at the end of registration. For more information, talk to your Guidewire representative.

The following steps identify how to complete this task in your instance of PolicyCenter. It may also be possible to complete this task by storing the authServerUri in Guidewire Cloud Property Services. For more information, talk to your Guidewire representative.

Note: The auth server URI is used by the SignatureKeyProviderPluginV1 plugin. In the base configuration, the plugin registry reads the value from the PolicyCenter config.properties file. Therefore, these instructions indicate how to modify the value in the properties file. If you have modified your configuration to read the value from other locations, then you will need to change the value in those locations as needed.

Procedure

Specify the auth server URI.
  1. In Guidewire Studio, navigate to configuration > config, and open config.properties.
  2. Add the following line to the file. (Note that this line may already be in the file as a comment. If so, you can simply uncomment the line.)
     plugin.signaturekeyprovider.allowedissuers =
  3. Set the value of the allowedissuers property to the value of the authServerUri provided to you by Guidewire.
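
The following check is an added example, not part of the Guidewire documentation or product code. It reads the text of config.properties and reports the usual ways the step above goes wrong: the line left commented out, an empty value, or a value that is not identical to the authServerUri. Assumptions: the EXPECTED URI is a constructed placeholder, the HTTPS requirement and the exact string comparison are choices made by this example rather than documented plugin behaviour, and backslash line continuations are not handled.

```python
import re
from urllib.parse import urlsplit

KEY = "plugin.signaturekeyprovider.allowedissuers"  # property name from the page
# Java .properties line: key, then '=' or ':' (or just whitespace), then value.
LINE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")

def read_property(text, key=KEY):
    """Return (value, commented); value is None when no active line sets key."""
    value, commented = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in "#!":  # both characters start a comment in .properties
            commented = commented or line.lstrip("#! \t").startswith(key)
            continue
        m = LINE.match(line)
        if m and m.group(1) == key:
            value = m.group(2).strip()  # a later definition overrides an earlier one
    return value, commented

def check_issuer(text, expected_uri):
    """Return a list of findings; an empty list means the setting matches."""
    value, commented = read_property(text)
    if value is None:
        return ["property exists only as a comment" if commented
                else "property is missing"]
    if not value:
        return ["property is set but empty"]
    findings = []
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc:  # assumption: issuer is HTTPS
        findings.append("value is not an absolute https URI")
    if value != expected_uri:  # exact match: trailing slash or case drift is reported
        findings.append("value differs from the authServerUri from registration")
    return findings

# Constructed sample: placeholder URI, not a real Guidewire Hub endpoint.
EXPECTED = "https://auth.example.invalid/oauth2/tenant-placeholder"
SAMPLE = "# " + KEY + " =\n" + KEY + " = " + EXPECTED + "/\n"

if __name__ == "__main__":
    for finding in check_issuer(SAMPLE, EXPECTED) or ["ok"]:
        print(finding)
```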