Initiating LiveContent Central sessions securely using JWT tokens

If an external system needs to start a LiveContent Central session securely, it can do so by using a JSON Web Token (JWT). The calling system must store publication identifiers and user credentials in the JWT, encrypt the token, and pass it in when calling LiveContent Central. LiveContent Central then decrypts the token and uses the information it contains to start a secure session.

Procedure

  1. Content Service provides three endpoints to enable a session from an external system.
    • GET login/authenticate - This API authenticates users by using a JWT token present in the authorization header of the HTTP request. Upon successful authentication, it returns JSESSIONID and AUTH_SESSION.
    • GET login/new_book_open - Authenticates the user by using a JWT token. Upon successful authentication, it redirects to the selected publication.
    • GET login/collections - Authenticates the user by using a JWT token. Upon successful authentication, it redirects to the collection page.
  2. To begin JWT configurations in LiveContent Central, gather the following information.
    • secret - a private key, used by the issuer to sign the JWT
    • issuer - a string that identifies the principal that issued the JWT
    • audience - identifies the audience of the token, that is, who should be consuming it
    • username - LiveContent Central username that you will use for login
    • password - LiveContent Central password
  3. Open the application.yml file located at [LCC_Home]/content-service/config for editing.
  4. Modify the following configuration.
    lcc:
      jwt:
        secret: ENC(your_encrypted_key)
        issuer: https://auth.example.com
        audience: http://localhost:${server.port}
        username: ENC(your_encrypted_username)
        password: ENC(your_encrypted_password)
        security:
          type: trust_token

    The values that are prefixed with ENC are encrypted. Refer to Configuring sensitive data in the application YAML files to modify encrypted data.
  5. Save the application.yml file.
  6. Restart Content Service for configuration changes to take effect.
  7. LiveContent Central is now configured to use JWT. Use any of the endpoints in step 1 to access a secure session with LiveContent Central.
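
To show how the secret, issuer and audience values gathered in step 2 relate to a token, here is an added example that is not part of the product documentation or LiveContent Central's own code: it mints a short-lived signed JWT and runs the checks a consumer of that token would apply. It assumes HS256 signing and the standard iss, aud, iat and exp claims; the sample secret and port 8080 are constructed, and the claims that carry the username and publication identifiers are not specified on this page, so they are left out.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values; in a deployment these correspond to lcc.jwt.secret,
# lcc.jwt.issuer and lcc.jwt.audience (port 8080 is an assumed server.port).
SECRET = b"constructed-demo-secret-not-for-production"
ISSUER = "https://auth.example.com"
AUDIENCE = "http://localhost:8080"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_token(secret, issuer, audience, ttl=60, now=None):
    """Issue a short-lived HS256 token (the algorithm is an assumption)."""
    now = int(time.time()) if now is None else now
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl})
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + _b64url(_sign(secret, signing_input))

def verify_token(token, secret, issuer, audience, now=None):
    """Return the claims, or raise ValueError naming the failed check."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        given = _b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm instead of trusting the header (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(given, _sign(secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))  # parsed only after the MAC checks out
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims
```

A mismatch in any one of the three configured values makes verification fail, which is why the issuer and audience strings on the calling system must match application.yml exactly.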