JWT Configuration for Connectors
When configuring JWT (JSON Web Token), the customer has two options for supplying the certificate.
JWT Configuration Using the Server Certificate and Private Key
Unica Link can run the steps to create a pkcs12/p12 bundle from the certificate and private key and import it into a JKS (Java keystore). Unica Link can set up the key alias name, password, and keystore password.
Prerequisites
- Certificate file
- Private key
- Java keytool command is installed
- OpenSSL
To configure JWT for connectors, follow these steps:
- To generate a pkcs12 file from the certificate and private key, run the following command using OpenSSL:
  openssl pkcs12 -export -in certificate.pem -inkey privatekey.key -name <ALIAS_NAME> -out outpkcs12cert.p12
- Enter the password for the pkcs12 file.
- To generate a JKS (Java keystore) file from the generated pkcs12 file, run the following command using Java keytool:
  keytool -v -importkeystore -srckeystore outpkcs12cert.p12 -srcstoretype PKCS12 -destkeystore sfkeystore.jks -deststoretype JKS
- Enter the source password, that is, the password used to generate the pkcs12 file.
- Enter the destination password, which is used to generate the JKS file.
keytool is provided with any standard JDK/JRE distribution and can be found under the %JAVA_HOME%/bin folder.
JWT Configuration Using P12/pkcs12 File
The customer can create a P12/pkcs12 file and share the p12 file, key alias name, and password. Unica Link support can import it into a JKS.
To configure JWT for connectors, follow these steps:
- To generate a JKS file from this pkcs12 file, run the following command using Java keytool:
  keytool -v -importkeystore -srckeystore outpkcs12cert.p12 -srcstoretype PKCS12 -destkeystore sfkeystore.jks -deststoretype JKS
- Enter the source password, that is, the password used to generate the pkcs12 file.
- Enter the destination password, which is used to generate the JKS file.
keytool is provided with any standard JDK/JRE distribution and can be found under the %JAVA_HOME%/bin folder.
config.yaml File Changes for JWT Configuration
Put the generated JKS file (sfkeystore.jks) on the machine where HCL Link is installed, for example at /opt/hipfiles/sfkeystore.jks, and configure the same path in the config.yaml file.
Add the following fields in the config.yaml file under the server section:
Configuration of the keystore for JWT OAuth2 authentication in Salesforce connectors:
  connectors:
    jks:
      filepath: <JKS_FILE_PATH>
      password: <PKCS12_PASSWORD>
      privateKeyAlias: <ALIAS_NAME>
      privateKeyPassword: <JKS_PASSWORD>
- filepath is the path of the generated JKS file. For example: /opt/hipfiles/sfkeystore.jks.
- password is the password entered while creating the pkcs12 file.
- privateKeyAlias is the alias name for the private key entered while creating the pkcs12 file.
- privateKeyPassword is the password entered while creating the JKS file.
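A pre-flight check for the openssl pkcs12 -export step in the first procedure, added here as an example and not taken from the product documentation: it refuses to bundle a certificate with a private key that does not belong to it, reads the pkcs12 password from an environment variable instead of the command line, and confirms that the alias later used for privateKeyAlias is present in the bundle. The function names, the alias sfjwt, the P12_PASS variable and the throwaway key pairs are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not vendor code). File names follow the page; function names,
# the alias "sfjwt" and the throwaway key pairs are constructed assumptions.

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {  # $1 = certificate PEM, $2 = private key PEM
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Builds the bundle with the password read from $P12_PASS instead of argv,
# then confirms the alias later used as privateKeyAlias is really in it.
make_p12() {  # $1 = cert, $2 = key, $3 = alias, $4 = output .p12
    cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 2; }
    ( umask 077   # bundle holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "$3" \
          -out "$4" -passout env:P12_PASS ) || return 3
    openssl pkcs12 -in "$4" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -qF "friendlyName: $3" || return 4
}

# Constructed sample input: a throwaway self-signed pair for offline testing.
make_sample() {  # $1 = directory, $2 = file prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    export P12_PASS="constructed-password"
    make_sample "$d" a && make_sample "$d" b || return 1
    make_p12 "$d/a.pem" "$d/a.key" sfjwt "$d/outpkcs12cert.p12" && echo "matching pair: bundle ok"
    make_p12 "$d/a.pem" "$d/b.key" sfjwt "$d/bad.p12" || echo "mismatched pair rejected (rc=$?)"
    rm -rf "$d"
}
demo
```

In real use, call make_p12 with certificate.pem, privatekey.key and the chosen alias, then continue with the keytool import described above.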