| |
| <!DOCTYPE HTML> |
| <html lang="" > |
| <head> |
| <meta charset="UTF-8"> |
| <title>Setup JWT security · Eclipse Kapua™ User Guide</title> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge" /> |
| <meta name="description" content=""> |
| <meta name="generator" content="HonKit 3.6.20"> |
| |
| |
| |
| |
| <link rel="stylesheet" href="gitbook/style.css"> |
| |
| |
| |
| |
| <link rel="stylesheet" href="gitbook/gitbook-plugin-highlight/website.css"> |
| |
| |
| |
| <link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css"> |
| |
| |
| |
| <link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css"> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| <meta name="HandheldFriendly" content="true"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> |
| <meta name="apple-mobile-web-app-capable" content="yes"> |
| <meta name="apple-mobile-web-app-status-bar-style" content="black"> |
| <link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png"> |
| <link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon"> |
| |
| |
| <link rel="next" href="Permissions.html" /> |
| |
| |
| <link rel="prev" href="simulator.html" /> |
| |
| |
| </head> |
| <body> |
| |
| <div class="book honkit-cloak"> |
| |
| <div class="book-body"> |
| |
| <div class="body-inner"> |
| |
| |
| |
| <div class="book-header" role="navigation"> |
| |
| |
| <!-- Title --> |
| <h1> |
| <i class="fa fa-circle-o-notch fa-spin"></i> |
| <a href="." >Setup JWT security</a> |
| </h1> |
| </div> |
| |
| |
| |
| |
| <div class="page-wrapper" tabindex="-1" role="main"> |
| <div class="page-inner"> |
| |
| <div id="book-search-results"> |
| <div class="search-noresults"> |
| |
| <section class="normal markdown-section"> |
| |
| <h1 id="jwt-security">JWT Security</h1> |
| <p>To leverage JWT security features, an X509 Certificate with the related private key must be loaded in Kapua.</p> |
| <h2 id="use-random-generated-certificate-and-private-key">Use a randomly generated certificate and private key</h2> |
| <p>By default, at startup Kapua looks for the private key and the certificate in the paths given by the <code>certificate.jwt.private.key</code> and <code>certificate.jwt.certificate</code> system properties (see below). These properties MUST be set; otherwise an error is thrown.</p> |
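| <p>In both the Vagrant development machine and the Docker deployment, a certificate and its private key are generated dynamically while the Vagrant box / Docker image is built, and the environment loads them automatically at startup. Because the key pair is created at build time, it is part of the resulting box or image: anyone who can obtain that image can read the private key, and every instance started from it signs with the same key. Use a custom certificate, as described below, for anything beyond development and testing.</p> |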
| <h2 id="use-a-custom-certificate">Use a custom certificate</h2> |
| <p>If you want to use a custom certificate, you can generate it, along with its private key, with <a href="https://www.openssl.org/" target="_blank" rel="noopener noreferrer">OpenSSL</a>. The following commands create both files:</p> |
| <pre><code class="lang-bash">openssl req -x509 -newkey rsa:4096 -keyout <path_to_key> -out <path_to_certificate> -days 365 -nodes -subj <span class="hljs-string">'/O=Eclipse Kapua/C=XX'</span> |
| # -nodes above writes <path_to_key> to disk without encryption. The next command rewrites the |
| # key as PKCS8 and asks for a passphrase to encrypt the result unless -nocrypt is added. |
| openssl pkcs8 -topk8 -<span class="hljs-keyword">in</span> <path_to_key> -out <path_to_pkcs8_key> |
| # Delete the unencrypted intermediate key once the PKCS8 file has been written. |
| rm <path_to_key> |
| </code></pre> |
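| <p>When converting the private key to PKCS8 format, you can skip password encryption by adding the <code>-nocrypt</code> switch to the <code>openssl pkcs8</code> command above. An unencrypted key is protected only by file-system permissions, so make the file readable only by the account that runs Kapua.</p> |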
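| <p>The private key must be in PKCS8 format, as produced by the <code>openssl pkcs8</code> command above; the certificate is the X.509 file written by <code>openssl req</code>. If the private key is password encrypted, specify the password with the <code>certificate.jwt.private.key.password</code> system property. Treat that property value as a secret: keep it out of version control and out of files that other users can read. </p> |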
| |
| |
| </section> |
| |
| </div> |
| </div> |
| |
| </div> |
| </div> |
| |
| </div> |
| |
| |
| |
| |
| |
| |
| </div> |
| |
| <script> |
| var gitbook = gitbook || []; |
| gitbook.push(function() { |
| gitbook.page.hasChanged({"page":{"title":"Setup JWT security","level":"1.5","depth":1,"next":{"title":"Kapua Permissions","level":"1.6","depth":1,"path":"Permissions.md","ref":"Permissions.md","articles":[]},"previous":{"title":"Simulator","level":"1.4","depth":1,"path":"simulator.md","ref":"simulator.md","articles":[]},"dir":"ltr"},"config":{"plugins":[],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"highlight":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"github":"eclipse/kapua","theme":"default","githubHost":"https://github.com/","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56},"embedFonts":false},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"Eclipse Kapua™ User Guide","links":{"home":"http://eclipse.org/kapua"},"gitbook":"3.x.x","description":"Eclipse Kapua™ User Guide"},"file":{"path":"jwt_security.md","mtime":"2021-07-20T08:57:45.193Z","type":"markdown"},"gitbook":{"version":"3.6.20","time":"2021-07-20T08:58:21.032Z"},"basePath":".","book":{"language":""}}); |
| }); |
| </script> |
| </div> |
| |
| |
| <noscript> |
| <style> |
| .honkit-cloak { |
| display: block !important; |
| } |
| </style> |
| </noscript> |
| <script> |
| // Restore sidebar state as critical path for prevent layout shift |
| /** |
|  * Reads the saved sidebar flag from localStorage under the ":sidebar" key. |
|  * Returns defaultValue when no entry exists, when the entry parses to null, |
|  * or when reading or parsing the entry throws. |
|  */ |
| function __init__getSidebarState(defaultValue){ |
|   var prefix = ""; |
|   var storageKey = prefix + ":sidebar"; |
|   var state = null; |
|   try { |
|     var raw = localStorage[storageKey]; |
|     // A missing entry reads back as undefined; only parse what was stored. |
|     if (raw !== undefined) { |
|       state = JSON.parse(raw); |
|     } |
|   } catch (e) { |
|     // Storage unavailable or malformed JSON: fall through to the default. |
|     state = null; |
|   } |
|   return state == null ? defaultValue : state; |
| } |
| /** |
|  * Re-opens the sidebar on wide viewports when the saved state says it was open. |
|  * Does nothing when the "(max-width: 600px)" media query matches. |
|  */ |
| function __init__restoreLastSidebarState() { |
|   // Narrow viewports are left untouched; the saved state is only applied above 600px. |
|   if (window.matchMedia("(max-width: 600px)").matches) { |
|     return; |
|   } |
|   var showSidebar = __init__getSidebarState(true); |
|   var bookEl = document.querySelector(".book"); |
|   if (!showSidebar || !bookEl) { |
|     return; |
|   } |
|   // Add both classes at once so the sidebar appears without the slide animation. |
|   bookEl.classList.add("without-animation", "with-summary"); |
| } |
| |
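| // Restore the sidebar, then always un-cloak the page: the .book element is |
| // rendered with the "honkit-cloak" class and must lose it even if restoring throws. |
| try { |
|   __init__restoreLastSidebarState(); |
| } finally { |
|   var book = document.querySelector(".book"); |
|   // Guard against a missing .book element so this finally block cannot raise |
|   // a TypeError of its own and hide an error thrown by the restore step. |
|   if (book) { |
|     book.classList.remove("honkit-cloak"); |
|   } |
| } |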
| </script> |
| <script src="gitbook/gitbook.js"></script> |
| <script src="gitbook/theme.js"></script> |
| |
| |
| <script src="gitbook/gitbook-plugin-search/search-engine.js"></script> |
| |
| |
| |
| <script src="gitbook/gitbook-plugin-search/search.js"></script> |
| |
| |
| |
| <script src="gitbook/gitbook-plugin-lunr/lunr.min.js"></script> |
| |
| |
| |
| <script src="gitbook/gitbook-plugin-lunr/search-lunr.js"></script> |
| |
| |
| |
| <script src="gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script> |
| |
| |
| |
| </body> |
| </html> |
| |