Search results

How to set up JWT for SSO authentication in Bold BI

This section explains how to perform Single Sign-On (SSO) for users with the Custom JSON Web Token (JWT) in Bold BI application.

Steps to configure JWT in Bold BI

  1. Login with this URL {Bold BI URL}/ums/administration using the admin credential.

  2. Click Authentication and then JWT.

    JWT Configuration

  3. Enable the JWT settings.

  4. Provide the following details in the JWT settings.

    Name It represents the name of the JWT provider to be displayed in the login page.
    Provider Logo It represents the logo of the JWT provider to be displayed in the login page.
    Remote Login URL It is the endpoint of the JWT provider to send the authorization request from Bold BI application.
    Remote Logout URL It is the endpoint of the JWT provider to send the logout request once user logged out in the Bold BI application.
  5. After the values are saved, the application will generate a Signing Key. This signing key has to be used for signing JSON Web Tokens from your application.

  6. The Signing Key will copy, view, and reset using the following options:

    Copy

How JWT works with Bold BI

  1. Once configured the JWT settings, go to the Bold BI login page and click the JWT login option, it will redirects to configured application login URL. JWT Login

  2. After that, the application will generate the JSON Web Token for user and it is redirected back to Bold BI call back URL {Bold BI URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl} with the encoded JWT in a query string.

  3. Bold BI application will validate the JWT and deserialize the user information from the token.

  4. From the user information, Bold BI application will check, if the user email has access in Bold BI application already. If the user is already available in Bold BI, it will authenticate the user.

  5. If the user is not available in Bold BI server, it will add the user and authenticate to access Bold BI application.

JWT Callback URL

JWT callback URL will validate the JWT response from configured application.

After a user successful logs into your configured application, you can redirect them to the following specific URL.

{Bold BI URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl}

Parameter Required Comments
jwt Yes JSON Web Token will be passed in this parameter. It will contain the JWT Payload
site_identifier No This parameter will be used to grant site access for the JWT user. If the JWT login accessed from the tenant, Bold BI login URL will redirect to your application with tenant site identifier in URL query string. You can use this identifier in JWT response URL. Example Url`{Remote login URL}?site_identifier={site identifier}`

NOTE: Should pass one site identifier. More than one identifier not allowed.

redirect_to No If this parameter is included in the JWT response, then the user will be redirected to that page, after the login process completed.

Create JSON Web Token

To create the JWT, use HMAC-SHA256 as signing algorithm.

What parameters can be passed in the payload of JWT

JWT should contain the following claims:

Parameter Parameter Name Value Type Required Comments
User Id sub string Yes Unique identifier of the user.
Email emailaddress string Yes Email address of the user.
First Name first_name string Yes First name of the user.
Last Name last_name string No Surname of the user.
Phone phone string No Phone number of the user.

JSON Web Token sample

Please refer to the following sample for how to generate the JWT.

private string GenerateJSONWebToken(UserModel userInfo)    
{    
    var signingKey = "signingkey";// Signing key value will copy from JWT Settings page
    var securityKey = new SymmetricSecurityKey(signingKey);
    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

    var claims = new[] {
        new Claim("sub", "420c5d51-1754-4a9b-b4b5-d5bfebb21b0f")
        new Claim("email", "john.doe@example.com"),
        new Claim("first_name", "Makila"),
        new Claim("last_name", "S"),
        new Claim("phone", "1234567890")
            };

    var token = new JwtSecurityToken(claims: claims,
                expires: DateTime.Now.AddMinutes(120),
                signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}