Setting up JWT authentication for developer toolkit

Use the information in this section to set up JWT authentication for IBM® Sterling™ Order Management System Software Order Service in the Sterling Order Management System Software developer toolkit. By default, authentication is disabled in Order Service in the developer toolkit.

Note: For setting up JWT authentication for Order Service using Operator, see Setting up JWT authentication for Operator deployment.

All incoming requests in Order Service are authenticated by using a signed JWT (JWS). To authenticate an incoming request, Order Service uses the JWT that is generated by Sterling Order Management System Software.

To enable JWT authentication, complete the following steps:
For Sterling Order Management System Software
  1. Enable Order Service authentication in Sterling Order Management System Software by setting the osi.orderservice.auth.disabled property to false.
  2. Configure JWT properties for Sterling Order Management System Software. For more information, see JWT properties for Sterling Order Management System Software.
  3. Generate a keystore in Sterling Order Management System Software. For more information, see Generating keystore in Sterling Order Management System Software.
For Order Service
  1. Enable JWT authentication in Order Service by setting service_auth_disable to false in the orderservice.properties file, which is located under compose-orderservice/docker/configuration in your developer toolkit environment.
  2. Configure JWT properties for Order Service. For more information, see JWT properties for Order Service.
  3. In a command-line utility, go to the compose-orderservice directory of your developer toolkit environment. Run the orderservice-compose.sh setup-upg target to apply the changes to the Order Service Docker container.
Note: The property values that you configure in Order Service must match the property values that are configured in Sterling Order Management System Software.

Generating keystore in Sterling Order Management System Software

Note: Use the following commands only as a reference, for development purposes, when you generate a keystore in the Sterling Order Management System Software developer toolkit.

To create a keystore that contains a private key and public key pair, complete the following steps.

  1. Create a keystore by running the following command from inside the devtoolkit_docker/jndi directory.
    keytool -genkey -keyalg RSA -keysize 2048 -keystore <keystore_name> -validity 365 -storetype JKS -alias <alias_name> -storepass <password> -keypass <password> -dname "CN=oms, OU=oms, O=oms, L=oms, S=oms, C=US"
    • -keystore provides the keystore name, for example, key.jks.
    • -alias provides the alias name that is configured as part of the JWT properties of Sterling Order Management System Software. For more information, see JWT properties for Sterling Order Management System Software.
    • -storepass and -keypass provide the password for your keystore.

  2. Verify that the private key is created by running the following command.
    keytool -list -storetype JKS -keystore <keystore_name> -storepass <password>
  3. Export the public key by running the following command.
    keytool -export -alias <alias_name> -keystore <keystore_name> | openssl x509 -inform der -pubkey -noout
  4. Update the jvm.options file in the application server container.
    1. Open a shell in the container by running the following command.
       docker exec -it om-appserver bash
    2. Update the /config/jvm.options file with the following arguments.
      • -Dycp.jwt.auth.keyStore=<location to devtoolkit_docker/jndi directory>/<keystore file name>
      • -Dycp.jwt.auth.keyStorePassword=<password configured while creating the keystore>
  5. Use the following command for running agents.
    ./agentserver.sh -jvmargs "-Dycp.jwt.auth.keyStore=<location to devtoolkit_docker>/<keystore file name> -Dycp.jwt.auth.keyStorePassword=<password configured while creating the keystore>" <servername>
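
A pre-flight check for the settings described above, as an added example (not IBM-supplied tooling): it confirms that service_auth_disable is false in orderservice.properties and that jvm.options carries both ycp.jwt.auth keystore arguments pointing at an existing keystore. The function names and the world-readable permission check are assumptions added here; the two file paths are passed by the caller, and the script must run where the jvm.options paths resolve (for example, inside the om-appserver container).

```sh
#!/bin/sh
# Added example: pre-flight check for the JWT settings on this page.
# File locations are supplied by the caller; function names are hypothetical.

# Print the value of key $2 from properties file $1 (last definition wins).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print the value of the -D<name>=<value> argument named $2 in jvm.options file $1.
jvm_arg() {
    name=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*-D$name=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one line per finding; return 0 only when there are none.
check_jwt_setup() {
    props=$1; jvmopts=$2; rc=0
    [ "$(prop_value "$props" service_auth_disable)" = "false" ] ||
        { echo "service_auth_disable is not false in $props"; rc=1; }
    ks=$(jvm_arg "$jvmopts" ycp.jwt.auth.keyStore)
    pw=$(jvm_arg "$jvmopts" ycp.jwt.auth.keyStorePassword)
    [ -n "$ks" ] || { echo "missing -Dycp.jwt.auth.keyStore in $jvmopts"; rc=1; }
    [ -n "$pw" ] || { echo "missing -Dycp.jwt.auth.keyStorePassword in $jvmopts"; rc=1; }
    if [ -n "$ks" ]; then
        if [ ! -f "$ks" ]; then
            echo "keystore not found: $ks"; rc=1
        elif [ -n "$(find "$ks" -perm -004)" ]; then
            # Added hardening check: the keystore holds the private key.
            echo "keystore is world-readable: $ks"; rc=1
        fi
    fi
    return "$rc"
}

# Usage: sh check_jwt.sh <orderservice.properties> <jvm.options>
if [ "$#" -eq 2 ]; then
    check_jwt_setup "$1" "$2"
    exit $?
fi
```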