This custom token issuer transcribes claims from input assertions to output access tokens.
Tested with IS-7.0.0
- Stop the server if it is already running.
- Build the project using the following command:
  `mvn clean install`
- Copy the jar file `nato-jwt-token-issuer-1.0.0.jar` from the target directory to the `<IS_HOME>/repository/components/lib` folder.
- Add the following extension configuration in `<IS_HOME>/repository/conf/identity/deployment.xml`:

```toml
[[oauth.extensions.token_types]]
name = "NatoJWTissuer"
issuer = "org.datastyx.wso2.nato.jwtissuer.ClaimTranscriptionTokenIssuer"
persist_access_token_alias = true
```
- The system running WSO2 IS must have a system environment variable `OAUTH_TRANSCRIPTION_CLAIMS` set with the claims to transcribe (case-sensitive list, whitespace is trimmed, separator is `;`).
- Start the server.
- Create a new service provider in WSO2 IS. Configure the "OAuth/OpenID Connect Configuration" inbound authentication configuration.
- Select the "ClaimTranscriptionTokenIssuer".
- Add the audience restriction to match the same URL as the WSO2 IS IdP.
- Set the Callback URL to `regexp=(.*)` to match anything.
- Add a claim mapping to add a `clearance` claim to the JWT token.
- Copy the "OAuth Client Key" and the "OAuth Client Secret" values to the `CONSUMER_KEY` and `CONSUMER_SECRET` constants of the `get_token.sh` script, respectively.
- Run the `get_token.sh` script to perform claim transcription on the clearance value during an OAuth JWT grant token request.
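As an added illustration (a Python model written for this README, not the project's Java issuer), the following shows the transcription rule the steps above configure: `OAUTH_TRANSCRIPTION_CLAIMS` is parsed as a `;`-separated, whitespace-trimmed, case-sensitive list, and only the listed claims are copied from the inbound assertion into the output token. The issuer and token endpoint URLs and the assertion contents are constructed placeholders.

```python
import os
from typing import Any, Dict, List, Mapping

ENV_VAR = "OAUTH_TRANSCRIPTION_CLAIMS"


def parse_transcription_claims(raw: str) -> List[str]:
    """Parse the env var value: ';'-separated claim names, whitespace trimmed,
    case sensitive. Empty entries are dropped and duplicates collapsed."""
    names: List[str] = []
    for entry in raw.split(";"):
        name = entry.strip()
        if name and name not in names:
            names.append(name)
    return names


def load_transcription_claims(env: Mapping[str, str] = os.environ) -> List[str]:
    """Read the claim list from the environment and refuse to run without it,
    since an unset variable would otherwise silently transcribe nothing."""
    names = parse_transcription_claims(env.get(ENV_VAR, ""))
    if not names:
        raise RuntimeError(f"{ENV_VAR} must list at least one claim to transcribe")
    return names


def transcribe_claims(assertion: Mapping[str, Any], allowed: List[str]) -> Dict[str, Any]:
    """Copy only the configured claims from the input assertion into the claims
    of the output access token. Names match exactly (case sensitive); configured
    claims absent from the assertion are skipped, and every other assertion
    claim is dropped so that unlisted claims never reach the access token."""
    return {name: assertion[name] for name in allowed if name in assertion}


# Constructed sample input: the decoded claims of an inbound JWT bearer assertion.
SAMPLE_ASSERTION: Dict[str, Any] = {
    "iss": "https://idp.example.test",              # placeholder issuer
    "sub": "alice",
    "aud": "https://is.example.test/oauth2/token",  # placeholder IS token endpoint
    "clearance": "SECRET",
    "Clearance": "TOP SECRET",  # differs only in case; must not match "clearance"
    "roles": ["admin"],         # not configured; must not be transcribed
}

if __name__ == "__main__":
    allowed = parse_transcription_claims(" clearance ; nationality ;")
    print(transcribe_claims(SAMPLE_ASSERTION, allowed))  # {'clearance': 'SECRET'}
```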