How to Use the JWT Authentication Scheme
[1] Configure the JWT authentication scheme as described in the following documentation:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/configuring/policy-server-configuration/authentication-schemes/json-web-token-jwt-authentication-scheme/how-to-use-the-jwt-authentication-scheme.html
[2] Protect a resource with an Access Gateway agent using the JWT authentication scheme:
Assign the JWT authentication scheme to the realm that you prepared for protection as part of the prerequisites. Note the URL of the protected resource for the next configuration step.
[3] Configure proxy rules to forward requests to the backend target server:
<nete:proxyrules xmlns:nete="http://www.ca.com/">
<nete:forward>http://abc146.xyz.ca.com:88$0</nete:forward>
</nete:proxyrules>
Note: My backend server did not have any agent configured on it and it is listening on port 88.
[4] Install and Configure Tomcat
Follow these steps:
Download the Tomcat installer from https://tomcat.apache.org/download-90.cgi.
Run the installer and install Tomcat.
Copy the entire jwt application folder to the Tomcat webapps folder.
Restart Tomcat.
Verify that you can access the sample web application at http://abc145.xyz.ca.com:8080/jwt/
Note: In my case, I renamed the JWT_Sample_Application I downloaded to a simpler name like jwt. Hence the jwt path in the above Tomcat application link.
[5] Configure Sample Web Application in Tomcat
Follow these steps:
Stop Tomcat.
Navigate to \webapps\JWT_SAMPLEAPP\WEB-INF\classes and open the config.properties file.
Set the CA_SSO_TARGET_URL field in the file to the URL of the resource that you protected with the JWT authentication scheme in the following format:
CA_SSO_TARGET_URL=http://abc146.xyz.ca.com/test/
Restart Tomcat.
[6] Test Access to Sample Web Application
Follow these steps:
Access the following URL to test access to the same web application:
http://abc145.xyz.ca.com:8080/jwt/
Enter the login credentials of a user who is present in the user store that is configured with CA Single Sign-on.
Log in to the web application.
If the authentication is successful, the user is given access to the protected resource.
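The following check is an added example, not part of the original article or the product. It reads the proxy rules from step [3] and CA_SSO_TARGET_URL from step [5], and reports when the target URL addresses a backend that the proxy rules forward to: the note in step [3] says that backend has no agent, so a request sent to it directly would not pass through the Access Gateway where the JWT authentication scheme is applied. The function names and the inline sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample inputs that mirror the values shown in steps [3] and [5].
PROXY_RULES = """<nete:proxyrules xmlns:nete="http://www.ca.com/">
<nete:forward>http://abc146.xyz.ca.com:88$0</nete:forward>
</nete:proxyrules>"""
CONFIG_PROPERTIES = "# sample app settings\nCA_SSO_TARGET_URL=http://abc146.xyz.ca.com/test/\n"


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def backend_origins(proxy_rules_xml):
    """Collect the origin of every <nete:forward> target in the proxy rules."""
    root = ET.fromstring(proxy_rules_xml)
    targets = [el.text.strip() for el in root.iter("{http://www.ca.com/}forward") if el.text]
    # Cut the "$0" suffix off before parsing; it is not part of the host or port.
    return {origin(t.split("$", 1)[0]) for t in targets}


def read_target_url(properties_text):
    """Read CA_SSO_TARGET_URL from properties text; comment lines never match."""
    for line in properties_text.splitlines():
        match = re.match(r"\s*CA_SSO_TARGET_URL\s*[=:]\s*(\S+)", line)
        if match:
            return match.group(1)
    raise KeyError("CA_SSO_TARGET_URL is not set")


def check(properties_text, proxy_rules_xml):
    """Return findings; an empty list means the target is not a forward backend."""
    target = read_target_url(properties_text)
    if origin(target) in backend_origins(proxy_rules_xml):
        return [f"{target} addresses the backend directly instead of the gateway"]
    return []


if __name__ == "__main__":
    print(check(CONFIG_PROPERTIES, PROXY_RULES) or "target URL goes through the gateway")
```

With the values from this page the list is empty, because the target URL uses the default port 80 while the backend listens on port 88.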