JSON Web Tokens in HTTP Headers
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
- Configuration
The ‘[jwt:<jct-id>]’ configuration stanza allows us to generate and insert a signed JSON Web Token into an HTTP header of requests destined for the junctioned Web server. A generated JWT is valid for the lifetime of the WebSEAL user session.
- Limitations
This topic describes some limitations of the JSON Web Tokens (JWT) implementation.
- JWKS
The JSON Web Key Set (JWKS) is a set of keys containing the public keys that should be used to verify any JSON Web Token (JWT) that is issued by an authorization server and signed using the RSA or ECDSA algorithms.