- Go to Apps -> Add Application from the side menu
- Click on the JWT apps option.
- Select the default JWT App.
- You can configure the following details in the application:
- Click on Edit in the select menu against your app, to get further details about your recently added JWT application.
- Signature Algorithms for JWT
  - RSA-SHA256
    - Asymmetric, uses a set of private and public keys to generate and validate the signature which is included in the JWT token.
    - The private key is used to generate the signature on the IDP side.
    - The public key is used to verify the signature on the SP side.
    - We provide the public key for this.
  - HS256
    - Symmetric, uses the same secret key to generate and validate the signature.
    - The secret key in this case is configurable from the app configuration page.
- Endpoints:
  - Single Sign-On URL:
    - This URL is used to initiate user authentication to obtain the JWT token.
    - Takes redirect_uri as one of the query parameters.
    - After successful authentication on the IDP end, an active user session is created in the IDP and the user is redirected to the redirect_uri with the JWT token.
  - Single Logout URL:
    - This URL is used to log out the user from the IDP by removing the active user session.
    - Takes redirect_uri as one of the query parameters.
    - After removing the active user session, the IDP redirects the user to the redirect_uri.
  - Reply back URL for IdP initiated logout:
    - This URL is used to initiate the logout in case the JWT user login was IDP initiated (the user logged in to the dashboard first and then initiated the login for the app from the dashboard).
    - After logging out the user from the IDP, the user is redirected to the IDP dashboard login page.

| Field | Description |
| --- | --- |
| APP Name | Enter the API Name (i.e. the name for this application), and add a description if required. |
| Redirect-URL | Enter the Redirect-URL (i.e. the endpoint where you want to send/post your JWT token). You can add multiple redirect URLs by separating them with a ‘;’. E.g. abc.com;xyz.com |
| Identity Source | Select the default ID source from the dropdown for the application. If not selected, users will see the default login screen and can choose their own IDP. You can select ‘Miniorange’ here as users will be authenticated from the default DB. |
| Upload an app logo (Optional) | Upload an app logo (Optional). The app will be shown in the end-user dashboard with the logo that you configure here. |
| Group Name | Select the group for which you wish to add this policy. For multiple groups, you can click here to add multiple/separate policies for each group. |
| Policy Name | You can give a name for the authentication policy. |
| Login Method | Select the login method as Password. You can enable 2-Factor and Adaptive Authentication. |
| Show On End User Dashboard | Enable this option if you want to show this app in the end-user dashboard. |
| Client ID | If your application provides its own client ID, you can configure it by clicking on the Customize button. |
| App Secret | You can find App Secret by clicking on the icon as shown below. This is used in the HS256 Signature algorithm for generating the signature. |
| Signature Algorithm | Select your signature algorithm from the dropdown. Details of the signature algorithms are given in the Signature Algorithms for JWT section. |
| Identity Source | Select the default ID source from the dropdown for the application. If not selected, users will see the default login screen and can choose their own IDP. [Choose miniOrange in this case.] |
| Redirect URL | Given below is your app URL where you will receive your token. RSA 256: `<your_app-login-url>` (here the token will be added by the system). HS256: `<app-login-url/?id_token=>` |
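
The HS256 case described above, seen from the SP side, as an added example that is not miniOrange's own code: it reads `id_token` from the redirect URL, pins the algorithm to HS256 regardless of what the token header claims, and checks the signature with the App Secret before trusting any claim. The secret value, the example URLs, the `sub` and `exp` claim names and the `sign_hs256` helper (a stand-in for the IDP) are assumptions made for the sample.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlparse

APP_SECRET = b"constructed-app-secret"  # constructed; use the App Secret from the app page

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Constructed stand-in for the IDP, used only to build sample tokens."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = head + "." + body
    return signing_input + "." + b64url_encode(hs256(signing_input, secret))

def verify_redirect(url: str, secret: bytes, now=None) -> dict:
    """Return the verified claims of the id_token in `url`, or raise ValueError."""
    tokens = parse_qs(urlparse(url).query).get("id_token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one id_token parameter")
    try:
        head_b64, body_b64, sig_b64 = tokens[0].split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm configured for the app; never let the header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signature algorithm")
    if not hmac.compare_digest(sig, hs256(head_b64 + "." + body_b64, secret)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the signature check
    # Assumption: the token carries a numeric `exp` claim (seconds since epoch).
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or missing exp")
    return claims

if __name__ == "__main__":
    token = sign_hs256({"sub": "user@example.com", "exp": int(time.time()) + 300}, APP_SECRET)
    print(verify_redirect("https://app.example.com/login/?id_token=" + token, APP_SECRET))
```

For an app configured with RSA-SHA256 the same pinning applies, with the signature checked against the public key instead of the App Secret.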