MicroProfile JWT (mpJwt)

The configuration to process the MicroProfile JWT token.

Name Type Default Description

audiences

string

The trusted audience list to be included in the aud claim in the JSON web token.

authFilterRef

A reference to top level authFilter element (string).

Specifies the authentication filter reference.

clockSkew

A period of time with millisecond precision

5m

This is used to specify the allowed clock skew in minutes when validating the JSON web token. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

groupNameAttribute

string

groups

The value of the claim will be used as the user group membership.

id

string
Required

The unique ID.

ignoreApplicationAuthMethod

boolean

true

Ignore the configured authentication method in the application. Allow legacy applications that do not configure MP-JWT as their authentication method to use MicroProfile JWT token if one is included in the request.

issuer

string

The url of the issuer.

jwksUri

string

Specifies a JSON Web Key service URL.

keyName

string

Specifies a trusted key alias for using the public key to verify the signature of the token.

mapToUserRegistry

boolean

false

Specifies whether to map userIdentifier to a registry user.

sharedKey

Reversably encoded password (string)

Specifies the string that will be used to generate the shared keys for HS256 signatures. The value can be stored in clear text or in the more secure encoded form. Use the securityUtility tool with the encode option to encode the shared key.

signatureAlgorithm

  • ES256

  • ES384

  • ES512

  • HS256

  • HS384

  • HS512

  • RS256

  • RS384

  • RS512

Specifies the signature algorithm that will be used to sign the JWT token.
ES256
%tokenSignAlgorithm.ES256
ES384
%tokenSignAlgorithm.ES384
ES512
%tokenSignAlgorithm.ES512
HS256
%tokenSignAlgorithm.HS256
HS384
%tokenSignAlgorithm.HS384
HS512
%tokenSignAlgorithm.HS512
RS256
%tokenSignAlgorithm.RS256
RS384
%tokenSignAlgorithm.RS384
RS512
%tokenSignAlgorithm.RS512

sslRef

A reference to top level ssl element (string).

Specifies an ID of the SSL configuration that is used for SSL connections.

tokenReuse

boolean

true

Specifies whether the token can be re-used.

useSystemPropertiesForHttpClientConnections

boolean

false

Specifies whether to use Java system properties when the JWT Consumer creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties.

userNameAttribute

string

upn

The value of the claim will be used as user principal to authenticate.

authFilter

Specifies the authentication filter reference.

authFilter > cookie

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > host

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > remoteAddress

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

ip

string

Specifies the remote host TCP/IP address.

matchType

  • contains

  • equals

  • greaterThan

  • lessThan

  • notContain

contains

Specifies the match type.

authFilter > requestHeader

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

value

string

The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, <requestHeader id="sample" name="email" matchType="contains"/>.

authFilter > requestUrl

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

urlPattern

string
Required

Specifies the URL pattern. The * character is not supported to be used as a wildcard.

authFilter > userAgent

A unique configuration ID.

Name Type Default Description

agent

string
Required

Specifies the browser's user agent to help identify which browser is being used.

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

authFilter > webApp

A unique configuration ID.

Name Type Default Description

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.