If an external system needs to start a LiveContent Central session securely, it can do so by using a JSON Web Token (JWT). The calling system must store publication identifiers and user credentials in the JWT, encrypt the token, and pass it in when calling LiveContent Central. LiveContent Central then decrypts the token and uses the information it contains to start a secure session.
Procedure
- Content Service provides three endpoints to enable a session from an external system.
  - GET login/authenticate - Authenticates the user by using a JWT present in the authorization header of the HTTP request. Upon successful authentication, it returns JSESSIONID and AUTH_SESSION.
  - GET login/new_book_open - Authenticates the user by using a JWT. Upon successful authentication, it redirects to the selected publication.
  - GET login/collections - Authenticates the user by using a JWT. Upon successful authentication, it redirects to the collection page.
- To begin the JWT configuration in LiveContent Central, gather the following information.
  - secret - a private key, used by the issuer to sign the JWT
  - issuer - a string that identifies the principal that issued the JWT
  - audience - identifies the audience of the token, that is, who should be consuming it
  - username - the LiveContent Central username that you will use for login
  - password - the LiveContent Central password
- Open the application.yml file located at [LCC_Home]/content-service/config for editing.
- Modify the following configuration.
lcc:
jwt:
secret: ENC(your_encrypted_key)
issuer: https://auth.example.com
audience: http://localhost:${server.port}
username: ENC(your_encrypted_username)
password: ENC(your_encrypted_password)
security:
type: trust_token
The values that are prefixed with ENC are encrypted. Refer to Configuring sensitive data in the application YAML files to modify encrypted data.
Note: Two types of security can be used with LiveContent Central. Set the security type to trust_user if you want the username and password to be included in the token. Set the security type to trust_token if you do not want to include the username and password in the encrypted token and instead want to use the default username and password as suggested in Step 4.
- Save the application.yml file.
- Restart Content Service for configuration changes to take effect.
- LiveContent Central is now configured to use JWT. Use any of the endpoints in Step 1 to access a secure session with LiveContent Central.
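
The following is an added example, not code from LiveContent Central or its vendor. It shows how the secret, issuer and audience values gathered above work together when a calling system mints a token and a receiver validates it. It assumes an HS256-signed token carrying only the registered iss, aud, iat and exp claims; the page does not specify the algorithm, the claim layout used for trust_user credentials, or the encryption step, so those are left out. The secret and the port in the audience are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values. ISSUER matches the sample application.yml above;
# the port in AUDIENCE and the SECRET are placeholders, not product defaults.
ISSUER = "https://auth.example.com"
AUDIENCE = "http://localhost:8080"
SECRET = b"constructed-demo-secret-change-me"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_token(secret, issuer, audience, ttl=60, now=None) -> str:
    """Calling system: build a short-lived HS256 token (assumed algorithm)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + b64url(sign(secret, signing_input))

def verify_token(token, secret, issuer, audience, now=None) -> dict:
    """Receiving side: raise ValueError unless signature and claims all match."""
    now = int(time.time()) if now is None else now
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm; never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Check the signature before trusting anything in the payload.
    expected = sign(secret, head_b64 + "." + body_b64)
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if not isinstance(claims, dict) or claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims
```

A token that verifies here is bound to one issuer, one audience and a short lifetime, so keeping the ttl small limits how long a captured token stays usable.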