Enabling asymmetric encryption
Bearer token authentication for Cloud API uses asymmetric encryption. To verify a given JWT, PolicyCenter executes an asymmetric public key lookup. Periodically, PolicyCenter must request the keys used in these lookups from Guidewire Hub.
When you register PolicyCenter with Guidewire Hub, you are given an auth server URI and a tenant ID. For PolicyCenter to be able to request keys from Guidewire Hub, you must add the auth server URI to your PolicyCenter instance.
Failing to enable asymmetric encryption
JWT verification failed: Encountered JWT issuer '<URL>' that has not been configured in 'allowedIssuers' by the SignatureKeyProviderPlugin. Allowed issuers are []
Enable asymmetric encryption
About this task
Before you can complete this task, you must have the issuer URI. This value is supplied to you by Guidewire.
The following steps identify how to complete this task in your instance of PolicyCenter. It may also be possible to complete this task by storing the authServerUri in Guidewire Cloud Property Services. For more information, talk to Guidewire.
SignatureKeyProviderPluginV1 plugin.
In the base configuration, the plugin registry reads the value from the PolicyCenter config.properties file. Therefore, these instructions indicate how to modify the value in the properties file. If you have modified your configuration to read the value from other locations, then you will need to change the value in those locations as needed.
Procedure
- In Guidewire Studio, navigate to and open config.properties.
- Add the following line to the file. (Note that this line may already be in the file as a comment. If so, you can simply uncomment the line.)
  plugin.signaturekeyprovider.allowedissuers =
- Set the value of the allowedissuers property to the value of the authServerUri provided to you by Guidewire.
- Restart the application.
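A pre-restart check for the procedure above, as an added example that is not Guidewire code: it confirms that the property is uncommented and non-empty in the text of config.properties and that a sample token's iss claim matches it. The comma-separated value format, the exact-match comparison and the example.test issuer are assumptions; the token is decoded without signature verification, so this diagnoses configuration only.

```python
import base64
import json

PROP = "plugin.signaturekeyprovider.allowedissuers"  # property name from the page

def allowed_issuers(properties_text):
    """Return issuers set on the uncommented property (comma-separated is an assumption)."""
    issuers = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":       # blank line or .properties comment
            continue
        key, sep, value = line.partition("=")  # only the key = value form shown on the page
        if sep and key.strip() == PROP:
            # Last definition wins (assumption, mirrors java.util.Properties).
            issuers = [v.strip() for v in value.split(",") if v.strip()]
    return issuers

def token_issuer(jwt):
    """Read the 'iss' claim from a JWT payload WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("iss")

def check(properties_text, jwt):
    """Return (ok, message) describing whether the token's issuer is configured."""
    issuers = allowed_issuers(properties_text)
    iss = token_issuer(jwt)
    if not issuers:
        return False, f"{PROP} is unset, commented out, or empty"
    if iss not in issuers:   # exact string match is an assumption
        return False, f"issuer {iss!r} not in {issuers}"
    return True, f"issuer {iss!r} is configured"

def sample_jwt(iss):
    """Build a constructed token with a dummy signature for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc({'iss': iss})}.c2ln"

if __name__ == "__main__":
    token = sample_jwt("https://auth.example.test/oauth2/tenant")  # constructed issuer
    commented = f"#{PROP} = https://auth.example.test/oauth2/tenant\n"
    enabled = f"{PROP} = https://auth.example.test/oauth2/tenant\n"
    print(check(commented, token))   # property still commented out
    print(check(enabled, token))     # property uncommented and set
```

A failed check on the commented-out line corresponds to the "Allowed issuers are []" state in the error shown earlier on this page.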