Page History

When connecting to a Document Management System via the CMIS standard, you may need to use Json Web Tokens tokens for authentication purposes. This article describes the steps needed to configure the CMIS plugin to use JWT authentication. The Blueriq CMIS plugin has the possibility to configure a custom authentication provider through the property 'cmis.authProvider.class' in 'cmis.properties', a custom authentication provider for JWT is included in the CMIS plugin. Please note that when the property 'cmis.authProvider.class' is set, basic authentication (cmis.user, cmis.password) is no longer applied.

...

<JAVA_HOME>\bin\keytool -list -keystore test_keystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

blueriq_testexample_only_cert, 12-nov-2015, trustedCertEntry,
Certificate fingerprint (SHA1): EA:1A:31:BB:6C:A5:70:B0:A8:CB:BA:18:CA:AD:D4:6A:D1:0A:50:99
blueriq_testexample, 11-nov-2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 55:BD:8F:4A:97:B4:76:FB:02:D6:6B:50:AC:D7:94:13:86:FC:91:4B

...

Header:
{
  "x5t": "Vb2PSpe0dvsC1mtQrNeUE4b8kUs",
  "alg": "RS256"
}

Payload:
{
  "iss": "BlueriqCompanyName",
  "aud": "IBM Filenet",
  "sub": "CMIS",
  "idp": "active directory",
  "nbf": 1450537298,
  "exp": 1450540898,
  "iat": 1450537298,
  "identity": "ms.vanemployee@company.tilburg@company.com"
}

JWT properties

To use the JWT authentication provider set 'cmis.authProvider.class' to 'com.aquima.plugin.cmis.impl.jwt.JwtAuthenticationProvider'. The claims to put in the JWT should be configured in 'cmis.properties'. All property names that start with 'cmis.authProvider.jwt.claims.' are interpreted as claims with fixed values. For example 'cmis.authProvider.jwt.claims.idp=digid' will add a claim named 'idp' with the value 'digid'. All properties for JWT have a descriptive comment in the 'cmis.properties' file that is shipped with Blueriq.

...