This section explains how to perform Single Sign-On (SSO) for users with the Custom JSON Web Token (JWT) in the Bold BI application.
Login with this URL {Bold BI URL}/ums/administration
using the admin credentials.
Click on Authentication
and then JWT
.
Enable the JWT settings.
Provide the following details in the JWT
settings.
Name | It represents the name of the JWT provider to be displayed in the login page. |
Provider Logo | It represents the logo of the JWT provider to be displayed in the login page. |
Remote Login URL | It is the endpoint of the JWT provider to send the authorization request from Bold BI application. |
Remote Logout URL | It is the endpoint of the JWT provider to send the logout request once user logged out in the Bold BI application. |
After the values are saved, the application will generate a Signing Key
. This signing key must be used for signing JSON Web Tokens from your application.
The Signing Key
can be copied, viewed, and reset using the following options:
Once the JWT settings are configured, go to the Bold BI login page and click on the JWT login option.
After that, the application will generate the JSON Web Token for user and it is redirected back to Bold BI call back URL {Bold BI URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl}
with the encoded JWT in a query string.
The Bold BI application will validate the JWT and deserialize the user information from the token.
Based on the user information, the Bold BI application will check if the user’s email already has access in the Bold BI application. If the user is already registered in Bold BI, they will be authenticated.
If the user is not yet registered in the Bold BI server, they will be added as a user and authenticated to access the Bold BI application
The JWT callback URL will validate the JWT response from the configured application.
After a user successfully logs into your configured application, you can redirect them to the specific URL provided.
{Bold BI URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl}
Parameter | Required | Comments |
---|---|---|
jwt | Yes | JSON Web Token will be passed in this parameter. It will contain the JWT Payload |
site_identifier | No | This parameter will be used to grant site access for the JWT user.
If the JWT login accessed from the tenant, Bold BI login URL will redirect to your application with tenant site identifier in URL query string. You can use this identifier in JWT response URL. Example Url
|
redirect_to | No | If this parameter is included in the JWT response, then the user will be redirected to that page, after the login process completed. |
To create the JWT, use HMAC-SHA256
as the signing algorithm.
A JWT should contain the following claims:
Parameter | Parameter Name | Value Type | Required | Comments |
---|---|---|---|---|
User Id | sub | string | Yes | Unique identifier of the user. |
string | Yes | Email address of the user. | ||
First Name | first_name | string | Yes | First name of the user. |
Last Name | last_name | string | No | Surname of the user. |
Phone | phone | string | No | Phone number of the user. |
Please refer to the following sample for instructions on how to generate the JWT.
private string GenerateJSONWebToken(UserModel userInfo)
{
var signingKey = "signingkey";// Signing key value will copy from JWT Settings page
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var claims = new[] {
new Claim("sub", "420c5d51-1754-4a9b-b4b5-d5bfebb21b0f")
new Claim("email", "john.doe@example.com"),
new Claim("first_name", "Makila"),
new Claim("last_name", "S"),
new Claim("phone", "1234567890")
};
var token = new JwtSecurityToken(claims: claims,
expires: DateTime.Now.AddMinutes(120),
signingCredentials: credentials);
return new JwtSecurityTokenHandler().WriteToken(token);
}