Page History
...
The JWT Configuration section of Yellowfin contains a variety of settings for implementing JWT SSO to provide you with as much flexibility as possible. You can choose to include the bare minimum, as indicated in the table and instructions below, or customize the token to include additional details according to your needs.
Parameter name | Parameter description | Required? | Default |
---|---|---|---|
JWT Token Delivery Mechanism | This radio button defines how the JWT token is retrieved — Cookie or URL Parameter. If Cookie is chosen, the JWT token will be fetched from the cookie named in the JWT Cookie Name field.
| No | URL Parameter |
JWT Cookie Name | This field only appears when the JWT Token Delivery Mechanism field is set to Cookie. This parameter defines the name of the cookie used. | No | None |
JWT Validation Key | This is the secret key for verifying the signature of the JWT token. This is a plain text secret. A binary key can be passed by encoding the secret in Base64. In this case, the Binary Validation Key field should be set to Plain Text. If you choose to use this, make sure you click the Update Password button after you’ve typed your secret key. Type the same secret key when creating your JWT token. | Yes | None |
Binary Validation Key | By default, this parameter is set to Plain Text. For added security, select the Base64 Encoded option. | No | Plain Text |
JWT Signature Verification Algorithm | By default, this setting is set to use the HMAC256 algorithm. Other options include: HMAC384, HMAC512 , RSA256, RSA384, RSA512, ECD256, ECD384 and ECD512. | No | HMAC256 |
JWT Issuer | This parameter validates the Issuer attribute in the JWT token, if one exists. If set, the value of this field will be compared to the Issuer field in the JWT token, and token verification will fail if they don’t match. | No | None |
JWT User Id Attribute | This parameter provides the Yellowfin UserId. | Yes | None |
JWT Client Reference Id Attribute | This parameter provides the location of the Client Reference Id of the client org that the user belongs to. Normally, this is set to ‘1’ for Yellowfin instances that have no related client orgs. | No | None |
SSO Entry Options | This parameter takes the JWT attribute that holds comma-separated web service session parameter values to be passed to the session created by the JWT SSO process. See the Customize Data with CustomParameters and Parameters section for more details and an example. | No | None |
SSO Custom Session Variable Attribute | This parameter allows options that can be passed via the Parameters option on an SSO web service call to be passed to the session created by the JWT SSO process. This is attribute-based and can apply to individual users. See the Customize Data with CustomParameters and Parameters section for more details and an example. | No | None |
JWT Onboarding | This toggle enables a new user to be provisioned at their first login attempt if they don’t already exist. | No | Off |
...