JWT Authentication activity for Mashup - not authorized to open instance DATA-ADMIN-SECURITY-TOKEN
We have a need to authenticate mashup users by means of a JSON Web Token (JWT). Many of the moving parts of the solution are working. The part where I am stuck is where I need to validate the JWT. I have a working Token Profile that I tested with pxProcessJWT, but when I try to do an Obj-Open on it so that I can use JwtUtils.processJSONWebToken(...), I get an error:
"Error in Obj-Open
com.pega.pegarules.pub.database.AuthorizationException: You are not authorized to open instance DATA-ADMIN-SECURITY-TOKEN <my token name>"
Obviously the current user is unauthenticated, so it looks like I would need to modify the PegaRULES:Guest access role to allow this, which in turn would mean unlocking the PegaRULES:08-01-01 ruleset.
Does anyone know of a better way? I don't want to resort to adding a lot of custom Java to go around this obstacle.
I resolved this by creating a new Access Role authorized to open instance DATA-ADMIN-SECURITY-TOKEN and adding it to the Gateway:Unauthenticated access group.