JSON Web Token Single Sign-On
1.0

This feature allows the runtime to produce and consume MP-JWT cookies for authentication.

Enabling this feature

To enable the JSON Web Token Single Sign-On 1.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:

<feature>jwtSso-1.0</feature>

Configuring JWT SSO to change the token expiration time

With JWT SSO you can use a JSON Web Token (JWT) as a Single-Sign-On (SSO). The following example shows how you can configure the JWT SSO to change the token expiration time:

<jwtSso cookieName="myjwt" jwtBuilderRef="myBuilder"/>

 <jwtBuilder id="myBuilder" expiresInSeconds="1800"/>

The jwtBuilderRef attribute refers to the jwtBuilder element myBuilder. The id attribute for the jwtBuilder element named myBuilder identifies the JWT builder. The expiresInSeconds attribute indicates the token expiration time that is set to 1800 seconds for a newly generated token.

Disabling JWT cookies

You can enable JWT SSO to accept authentication with an existing JWT cookie without generating the JWT cookie. The following example shows how to disable the creating of JWT cookies:

<jwtSso id="sample" disableJwtCookie="true" />

Feature configuration elements

Stable API packages provided by this feature

  • org.eclipse.microprofile.auth

  • org.eclipse.microprofile.jwt

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-15.0

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.

com.ibm.websphere.appserver.jwtSso-1.0; type="osgi.subsystem.feature"