Configuring JWT - HxGN EAM - Version 11.07.01 - Installation & Upgrade

HxGN EAM Installation Guide

Language
English
Product
HxGN EAM
Search by Category
Installation & Upgrade
HxGN EAM Version
11.7.1
  1. Navigate to the [APP_HOME]/depconfig/generatejwt folder.

  2. Generate the JWT Keystore and public certificate by executing the following command:

    You will be prompted to input some values required for generating the JWT artifacts. The default value, if present, for any input is provided inside square brackets at the end of the prompt.

    • On Linux, execute the shell script: ./generatejwt.sh

    • On Windows, execute the powershell script: .\generatejwt.ps1

  3. Open the file [APP_HOME]/depconfig/properties/external/config.yml in a text editor.

  4. Add/modify the sso section of the file like the example below:

    sso:
    jwt:
    keystore:
    path: "{{{sso.jwt.home}}}/<keystore file name with extension from step 2>"
    password: "<Storepass secret from step 2>"
    alias: "<alias of keystore from step 2>"
    certpath: "{{{sso.jwt.home}}}/<Public Key/certificate name with extension from step
    2>"

    The above example assumes that the default values for keystore, alias and public certificate have not been used in Step 2. If that is not the case, then the corresponding configuration can be omitted from the config.yml, except for the password as there is no default value provided for the password. So, if the default value of keystore is accepted in Step 2 and the values of alias and certificate are modified, then the sso section will be as follows.

    sso:
    jwt:
    keystore:
    password: “<Keystore password from step 2>”
    alias: “<alias of keystore from step 2>”
    certpath: “{{{sso.jwt.home}}}/<Public Certificate name with extension from step 2>”

  5. Copy the public key/certificate and key store files generated by the script in step 2 to the appropriate [APP_HOME]/overrides/sso/jwt directory.

  6. Choose one of the following options to re-deploy the EAM application:

    • On Linux, execute the deploy shell script: ./deploy.sh

    • On Windows, execute the deploy batch script: deploy.bat

It is not mandatory that EAM SSO is required to be configured in order to configure EAM JWT.

If EAM is used behind a load balancer, then all the instances of the EAM server should use the same JWT certificate.