JWT Configuration for Connectors

To configure JWT (JSON Web Token), a customer has two options regarding the certificate.

JWT Configuration Using the Server Certificate and Private Key

Unica Link can run the steps to create a pkcs12/p12 bundle and import it into a JKS (Java keystore). Unica Link can set up the key alias name, password, and keystore password.

Prerequisites

Ensure that these system requirements are met before you configure the JWT:
  • Certificate file
  • Private key
  • Java keytool command is installed
  • OpenSSL

To configure JWT for connectors, follow these steps:

  1. To generate a pkcs12 file from the certificate and private key, run the following command using OpenSSL:
    openssl pkcs12 -export -in certificate.pem -inkey privatekey.key -name <ALIAS_NAME> -out outpkcs12cert.p12
  2. Enter the password for the pkcs12 file.
  3. To generate a JKS (Java keystore) file from the generated pkcs12 file, run the following command using Java keytool:
    keytool -v -importkeystore -srckeystore outpkcs12cert.p12 -srcstoretype PKCS12 -destkeystore sfkeystore.jks -deststoretype JKS
  4. Enter the source password, that is, the password of the pkcs12 file.
  5. Enter the destination password for the JKS file being generated.
Note: keytool is provided with any standard JDK/JRE distribution and can be found under the %JAVA_HOME%/bin folder.

JWT Configuration Using P12/pkcs12 File

The customer can create a P12/pkcs12 file and share the p12 file, key alias name, and password. Unica Link support can import it to JKS.

To configure JWT for connectors, follow these steps:

  1. To generate a JKS file from this pkcs12 file, run the following command using Java keytool:
    keytool -v -importkeystore -srckeystore outpkcs12cert.p12 -srcstoretype PKCS12 -destkeystore sfkeystore.jks -deststoretype JKS
  2. Enter the source password, that is, the password of the pkcs12 file.
  3. Enter the destination password for the JKS file being generated.
Note: keytool is provided with any standard JDK/JRE distribution and can be found under the %JAVA_HOME%/bin folder.

config.yaml File Changes for JWT Configuration

Put the generated JKS file (sfkeystore.jks) on the machine where HCL Link is installed, for example at /opt/hipfiles/sfkeystore.jks, and configure the same path in the config.yaml file.

Add the following fields in the config.yaml file under the server section:

  1. Configuration of the keystore for JWT OAuth2 authentication in Salesforce connectors.

    connectors:

    jks:

  2. filepath is the path of the generated JKS file. For example: /opt/hipfiles/sfkeystore.jks.

    filepath: <JKS_FILE_PATH>

  3. The password field is the password entered while creating the pkcs12 file.

    password: <PKCS12_PASSWORD>

  4. privateKeyAlias is the alias name for the private key entered while creating the pkcs12 file.

    privateKeyAlias: <ALIAS_NAME>

  5. The privateKeyPassword field is the password entered while creating the JKS file.

    privateKeyPassword: <JKS_PASSWORD>
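
One way to confirm that the file named in filepath really is a JKS keystore and that the value set for privateKeyAlias names a private key entry. This is an added example, not code from the product or from the original page; it reads only the unencrypted JKS entry headers, so no password is needed, and the function and script names are hypothetical.

```python
import struct
import sys

KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}  # names keytool -list prints


def list_jks_entries(data):
    """Map alias -> entry kind from raw JKS bytes; no password is needed."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():  # Java writeUTF: 2-byte length, then that many bytes
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def skip_cert():
        if version == 2:
            utf()  # certificate type, e.g. "X.509"
        take(u32())

    if u32() != 0xFEEDFEED:
        raise ValueError("not a JKS file (wrong magic number)")
    version, count, entries = u32(), u32(), {}
    for _ in range(count):
        tag, alias = u32(), utf()
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        take(8)  # creation timestamp
        if tag == 1:
            take(u32())  # encrypted private key, skipped unread
        for _ in range(u32() if tag == 1 else 1):  # key entries carry a cert chain
            skip_cert()
        entries[alias] = KINDS[tag]
    return entries


def alias_has_private_key(data, alias):
    # JKS stores aliases in lower case, so compare case-insensitively.
    return list_jks_entries(data).get(alias.lower()) == "PrivateKeyEntry"


# Hypothetical usage: python check_jks.py sfkeystore.jks <ALIAS_NAME>
if __name__ == "__main__" and len(sys.argv) == 3:
    with open(sys.argv[1], "rb") as f:
        sys.exit(0 if alias_has_private_key(f.read(), sys.argv[2]) else 1)
```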