Configure JWT settings

To enable or change the JSON Web Token configuration:

  1. Open the DGC service settings for editing:
  2. In the JWT section, make the necessary changes.
    Setting    Description
    JSON Web Key Set URL

    The URL to retrieve public key information needed to verify the authenticity of JSON Web Tokens (JWTs), issued by an authorization server.

    This setting is required to enable JWT authentication.

    JWT Token Types

    A case-insensitive comma-separated list of accepted JWT media types coming in the typ header parameter.

    Leave blank if the authorization server does not provide a media type parameter.

    The default value is at+jwt,jwt.

    JWT Algorithms

    A comma-separated list of accepted JWT algorithms coming in the alg header parameter. See https://tools.ietf.org/html/rfc7518#section-3.1 for details.

    Leave blank to accept all digital signature algorithms.

    JWT Issuer

    The accepted issuer coming in the iss JWT claim.

    Leave blank if the authorization server does not provide an issuer claim.

    JWT Audience

    A comma-separated list of accepted audience values for the aud claim.

    The value for this field is a configuration setting in your authorization server, which identifies your Collibra environment as the intended recipient of the JWT.

    Leave blank if the authorization server does not provide an audience claim.

    JWT Principal ID Claim Name

    The name of the JWT claim containing the principal's identity. See https://tools.ietf.org/html/rfc7519#section-4.1.2 for details.

    Defaults to the standard subject claim, sub.

    Change this setting only if your authorization server has other means of identifying the principal, for example, a client_id claim.

    This setting is required if JWT authentication is enabled.

    JWT Maximum Clock Skew

    The maximum acceptable difference in seconds between the clocks of the machines running the authorization server and Collibra.

    Differences smaller than the given amount are ignored when performing time comparisons for token validation.

    The default value is 60 seconds if left blank.

  3. Click Save all.
  4. Restart the environment to apply your changes. For more information, go to Stop an environment and Start an environment.
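
The following added example (not Collibra code) sketches how the settings above map onto header and claim checks for an incoming token. The `SETTINGS` keys, the function names and the issuer and audience values are constructed, the check semantics are assumptions drawn from the descriptions above, and signature verification against the JSON Web Key Set URL is assumed to happen separately.

```python
import base64, json, time

# Hypothetical settings mirroring the table above; values are constructed.
SETTINGS = {
    "token_types": "at+jwt,jwt",       # JWT Token Types (default from the page)
    "algorithms": "RS256,ES256",       # JWT Algorithms (constructed allowlist)
    "issuer": "https://idp.example",   # JWT Issuer (constructed)
    "audience": "collibra-prod",       # JWT Audience (constructed)
    "principal_claim": "sub",          # JWT Principal ID Claim Name (default)
    "max_clock_skew": 60,              # JWT Maximum Clock Skew (default)
}

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def _b64url_json(part):
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def make_token(header, claims):
    """Build a constructed sample token with a placeholder signature part."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

def check_token(token, cfg=SETTINGS, now=None):
    """Return the principal ID, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    header, claims = (_b64url_json(p) for p in token.split(".")[:2])
    types = [t.lower() for t in _csv(cfg["token_types"])]
    if types and str(header.get("typ", "")).lower() not in types:
        raise ValueError("typ not accepted")   # typ is compared case-insensitively
    algs, alg = _csv(cfg["algorithms"]), str(header.get("alg", ""))
    # A blank list accepts all *signature* algorithms, so "none" is never accepted.
    if not alg or alg.lower() == "none" or (algs and alg not in algs):
        raise ValueError("alg not accepted")
    if cfg["issuer"] and claims.get("iss") != cfg["issuer"]:
        raise ValueError("iss not accepted")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud   # aud may be a string or a list
    accepted = set(_csv(cfg["audience"]))
    if accepted and not accepted & set(aud):
        raise ValueError("aud not accepted")
    if "exp" in claims and now > claims["exp"] + cfg["max_clock_skew"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"] - cfg["max_clock_skew"]:
        raise ValueError("token not yet valid")
    principal = claims.get(cfg["principal_claim"])
    if not principal:
        raise ValueError("principal claim missing")
    return principal
```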