1. Home
  2. Docs
  3. Single Sign On with Trans...
  4. Instances
  5. JWT Private Key

JWT Private Key

Starting with Tools Release, you can use JWT (JSON Web Token) to access the EnterpriseOne Web Client and Orchestrator Studio. Transparent Logon can produce a JWT to access JD Edwards. Transparent logon requres a private key to sign the JWT. JD Edwards must be configured to use the public key to trust the JWT. There are a few steps to configure this

Generating Your Private Key

Use the following command to generate your private key using the RSA algorithm:
openssl genrsa -out yourdomain.key 2048
This command generates a private key in your current directory named yourdomain.key (-out yourdomain.key) using the RSA algorithm (genrsa) with a key length of 2048 bits (2048). The generated key is created using the OpenSSL format called PEM.
Older versions of OpenSSL generate the private key in PKCS1 format. TL expects a key in PKCS8 format. When the first line of the key file is “—–BEGIN RSA PRIVATE KEY—–” then it is in PKCS1 format and must be converted to the PKCS8 format. A PKCS8 key starts with “—–BEGIN PRIVATE KEY—–”.
Use the following command to convert the private key from PKCS1 to PKCS8
openssl pkey -in yourdomain.key -out yourdomain-pkcs8.key

Upload this file in transparent login

Upload JWT into TL

Upload JWT into TL

Select the Select Private Key button and navigate to your key file you just generated. Then use the upload button to load the file into your TL server.

When a Private Key has been applied, you will see this in this screen as follows:

Certificate applied

Certificate applied

Use the button to delete the private key.

Create certificate for JDEdwards

A trsutstore for JDEdwards is a java keystore which only contains a certificate entry with the public key. To create such a truststore we need to wrap the public key in a self-signed certificate. A self-signed certificate is a certificate that’s signed with its own private key. This requires to create a Certificate Signing Request and then create the certificate by signing the request.

Ue the following command

openssl req -key yourdomain.key -new -x509 -days 365 -out yourdomain.crt

The -days option specifies the number of days that the certificate will be valid.

Follow the instructions to import this certificate into JDEdwards

How can we help?