The AIS server from JD Edwards is not an OAuth resource server, but it understands JSON Web Tokens (JWT) from a JWT-producing authority. An Access Token is a specific implementation of JSON Web Token which overlaps with the requirements from JD Edwards. JD Edwards supports JSON Web Tokens on authentication, but uses a proprietary token for all other requests. How this works is described in the JD Edwards documentation, "Understanding JSON Web Token Authentication".
JSON Web Token signatures can be validated against the public key of the JWT-producing authority. This public key must be configured in JD Edwards. Many identity providers that support OAuth 2.0 and OpenID Connect use JSON Web Key (JWK) Sets to distribute their public keys. These keys are rotated regularly to improve security. The JD Edwards JWT implementation does not support these JSON Web Key Sets. When your identity provider does not support fixed private/public key pairs to sign JSON Web Tokens, Appshare cannot do Single Sign-On with your identity provider.
Transparent Logon can be used as a mediator to translate between your identity provider and Appshare to authenticate with JSON Web Tokens. Appshare requires Transparent Logon when one of these is true:
- The external identity provider rotates the signing private/public key. Transparent Logon uses a fixed private key.
- The authentication from an external identity provider does not have the username from JDE. Transparent Logon can map the external username to the JDE username.
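
The mediation pattern described above, as an added Node.js sketch; it is not Transparent Logon's or JD Edwards' own code. It validates an identity-provider token against a JWK Set by `kid` (so a rotation from one key to the next keeps working), maps the external user to a JDE user, and re-issues a token signed with one fixed key. The `sub` claim as the username carrier, the key ids, the user names and the 60-second lifetime are assumptions, and issuer and audience checks are left out to keep the focus on key handling.

```javascript
// Added illustration: claim names, key ids and user names are assumptions, not product values.
const crypto = require('node:crypto');
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

function signJwt(privateKey, kid, claims) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT', kid })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}
// Verify an RS256 token against a JWK Set, choosing the key by the header's kid.
function verifyJwt(token, jwks, now) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  const header = dec(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // never trust the token's alg
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = dec(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Mediator: validate the IdP token, map the user, re-sign with the fixed key.
function mediate(idpToken, idpJwks, userMap, fixedPrivateKey, now) {
  const claims = verifyJwt(idpToken, idpJwks, now);
  const jdeUser = userMap.get(claims.sub); // Map lookup avoids prototype keys
  if (!jdeUser) throw new Error('no JDE user mapped');
  return signJwt(fixedPrivateKey, 'fixed-1', { sub: jdeUser, exp: now + 60 });
}

// Constructed scenario: the IdP rotates from key idp-A to idp-B.
function demo(now = Math.floor(Date.now() / 1000)) {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = (pair, kid) => ({ ...pair.publicKey.export({ format: 'jwk' }), kid });
  const [a, b, fixed] = [gen(), gen(), gen()];
  const idpJwks = { keys: [jwk(a, 'idp-A'), jwk(b, 'idp-B')] };
  const fixedOnly = { keys: [jwk(fixed, 'fixed-1')] }; // the one key the consumer has configured
  const users = new Map([['alice@example.com', 'AJONES']]);
  return [a, b].map((pair, i) => {
    const idpToken = signJwt(pair.privateKey, i ? 'idp-B' : 'idp-A', { sub: 'alice@example.com', exp: now + 300 });
    const out = mediate(idpToken, idpJwks, users, fixed.privateKey, now);
    return verifyJwt(out, fixedOnly, now).sub; // consumer side: fixed key only
  });
}
console.log(demo());
```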