Idea ID: 1650576

Enable SSO Token authentication for ITSMA suite

Status: Waiting for Votes
over 3 years ago

It should be ensured that the JWT token ID follows regular standards. We've learned that the token ID is the same as the access token, and this is the only mandatory part of the JWT.

In the example token from Micro Focus
eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI5MDI1NThlMTYzY2MyZTJmMDE2M2NjNzE3M2FiMDFiYiIsImlzcyI6IklkTSAxLjIxLjAtYnVpbGQuNjEiLCJjb20uaHBlLmlkbTp0cnVzdG9yIjpudWxsLCJleHAiOjE1MjgxODE0MTksImNvbS5ocC5jbG91ZDp0ZW5hbnQiOnsiaWQiOiI5MDI1NThlMTYzY2MyZTJmMDE2M2NjMmUzY2M0MDBiMiIsIm5hbWUiOiJQcm92aWRlciIsImVuYWJsZWQiOnRydWV9LCJwcm4iOiJhZG1pbiIsImlhdCI6MTUyODE3OTYxOSwianRpIjoiOGMyZDM0MTctYzk4Ny00NzdkLWEwMzItZWFmYWI4ZWU3MDYxIn0.HjS0EB0UeUqWOI5Rdms0l05Olp-DnNbbXrJXNoktsMg

there are custom claims that cannot be generated within our infrastructure. Payload data of MF ID:

{
  "sub": "902558e163cc2e2f0163cc7173ab01bb",
  "iss": "IdM 1.21.0-build.61",
  "com.hpe.idm:trustor": null,
  "exp": 1528181419,
  "com.hp.cloud:tenant": {
    "id": "902558e163cc2e2f0163cc2e3cc400b2",
    "name": "Provider",
    "enabled": true
  },
  "prn": "admin",
  "iat": 1528179619,
  "jti": "8c2d3417-c987-477d-a032-eafab8ee7061"
}


We cannot create

"com.hp.cloud:tenant": {
  "id": "902558e163cc2e2f0163cc2e3cc400b2",
  "name": "Provider",
  "enabled": true
},

These fields should be either optional or non-existent.

We assume that "prn": "admin" is the user name. If this is true, we will be able to provide PRN in our access token.
We need a description of how ITSM (SMA-SM 2017.11 or later) is enabled to process this token.
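As an added illustration (not part of the idea and not Micro Focus code), the following Python decodes the sample token quoted above, checks its claim set while treating the IdM-specific claims as optional as the idea requests, and verifies an HS256 signature on a token minted with a constructed key; the issuer string passed to the check, the constructed key and the `minimal_claims` helper are assumptions.

```python
import base64
import hashlib
import hmac
import json
import uuid

# Sample token quoted in the idea above; its HMAC key is not public, so it is only decoded here.
MF_TOKEN = ("eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9."
            "eyJzdWIiOiI5MDI1NThlMTYzY2MyZTJmMDE2M2NjNzE3M2FiMDFiYiIsImlzcyI6IklkTSAxLjIxLjAtYnVpbGQuNjEiLCJjb20uaHBlLmlkbTp0cnVzdG9yIjpudWxsLCJleHAiOjE1MjgxODE0MTksImNvbS5ocC5jbG91ZDp0ZW5hbnQiOnsiaWQiOiI5MDI1NThlMTYzY2MyZTJmMDE2M2NjMmUzY2M0MDBiMiIsIm5hbWUiOiJQcm92aWRlciIsImVuYWJsZWQiOnRydWV9LCJwcm4iOiJhZG1pbiIsImlhdCI6MTUyODE3OTYxOSwianRpIjoiOGMyZDM0MTctYzk4Ny00NzdkLWEwMzItZWFmYWI4ZWU3MDYxIn0."
            "HjS0EB0UeUqWOI5Rdms0l05Olp-DnNbbXrJXNoktsMg")

REQUIRED = ("sub", "iss", "exp", "iat", "jti")  # RFC 7519 registered claims any IdP can issue

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))  # restore stripped padding
def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt(token: str) -> tuple[dict, dict]:
    # Splits the compact serialisation; does NOT verify the signature (see hs256_valid).
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def hs256_valid(token: str, key: bytes) -> bool:
    # Constant-time comparison of the HMAC-SHA256 over "header.payload".
    signing_input, sig = token.rsplit(".", 1)
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

def sign_hs256(payload: dict, key: bytes) -> str:
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode())
             for x in ({"typ": "JWT", "alg": "HS256"}, payload)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def check_claims(payload: dict, now: int, issuer: str) -> list[str]:
    """Problems found in the claim set (empty list = acceptable). The vendor claims
    'com.hp.cloud:tenant' and 'com.hpe.idm:trustor' are optional, but if the tenant
    object is present its 'enabled' flag must be true."""
    problems = [f"missing {c}" for c in REQUIRED if c not in payload]
    if payload.get("iss") != issuer:
        problems.append("unexpected issuer")
    if "exp" in payload and now >= payload["exp"]:
        problems.append("expired")
    tenant = payload.get("com.hp.cloud:tenant")
    if tenant is not None and not tenant.get("enabled"):
        problems.append("tenant disabled")
    return problems

def minimal_claims(user: str, issuer: str, now: int, lifetime: int = 1800) -> dict:
    # Hypothetical claim set a third-party IdP could issue: registered claims plus 'prn'.
    return {"sub": user, "iss": issuer, "iat": now, "exp": now + lifetime,
            "jti": str(uuid.uuid4()), "prn": user}
```

The sample token's exp minus iat is 1800 seconds, which is why the constructed lifetime defaults to 30 minutes.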