JSON Web Token Single Sign-On 1.0

This feature allows the runtime to produce and consume MP-JWT cookies for authentication.

Enabling this feature

To enable the JSON Web Token Single Sign-On 1.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:

<feature>jwtSso-1.0</feature>

Configuring JWT SSO to change the token expiration time

With JWT SSO you can use a JSON Web Token (JWT) as a Single-Sign-On (SSO). The following example shows how you can configure the JWT SSO to change the token expiration time.

<jwtSso cookieName="myjwt" jwtBuilderRef="myBuilder"/>

 <jwtBuilder id="myBuilder" expiresInSeconds="1800"/>

The jwtBuilderRef attribute refers to the jwtBuilder element myBuilder. The id attribute for the jwtBuilder element named myBuilder is used to identify the JWT builder. The expiresInSeconds attribute indicates the token expiration time at 1800 seconds.

Disabling JWT cookies

You can disable JWT SSO to avoid a default authentication with the JWT cookie. The following example shows how to disable JWT cookies.

<jwtSso id="sample" disableJwtCookie="true" />

The disableJwtCookie attribute is set to true for the id attribute sample.

Feature configuration elements

Stable API packages provided by this feature

  • org.eclipse.microprofile.auth

  • org.eclipse.microprofile.jwt

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-15.0

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.jwtSso-1.0; type="osgi.subsystem.feature"