
JWT Single Sign On (SSO) Configuration

Single Sign On (SSO) is an authentication process that allows a user to log in to multiple software products with a single ID, usually a combination of an email address and a password.

JSON Web Token (JWT) Single Sign On is available for Enterprise packages on Clinked.


What is JWT SSO

JSON Web Token (JWT) is an open standard and secure way of transmitting information between parties. Using JWT with SSO allows a token to be passed across multiple applications, providing a seamless experience without frequent re-authentication.

Here are the steps for a user to become authenticated within Clinked using SSO:

  1. Clinked provides a shared secret that the 3rd party uses to sign the JWT token.

  2. The 3rd party creates a token with the user details required by Clinked and signs the token with the provided secret.

  3. The 3rd party redirects the user to the Clinked JWT remote login URL.

  4. If the token is verified, and all the required user details are provided, the user is provisioned in Clinked and logged in. 

How to enable JWT SSO

With the JWT option, the user can authenticate by providing a signed JWT token. To enable JWT SSO:

  1. Navigate to the account settings
  2. Select the Security & Authentication option from the menu
  3. Scroll down to the JWT Single Sign On (SSO) section
  4. Enable the feature by turning the toggle on

Once the feature is enabled, a secret will be generated for the account. Use the following URL to authenticate the user using the JWT token:

/uaa/login/jwt?token=[signed-token-here]&returnTo=[optional-redirect-URL]

The JWT secret from account settings must be hex decoded.

Below is an example of how to create a signed token:

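// Imports assume the jjwt and Apache Commons Codec libraries
import io.jsonwebtoken.Jwts;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

// Hex-decode the JWT secret from account settings before using it as the key
byte[] bytes = Hex.decodeHex("...secret...");
String token = Jwts.builder()
    .setSubject("email@email.com") // the subject identifies the user
    .signWith(new SecretKeySpec(bytes, 0, bytes.length, "HmacSHA512"))
    .compact();
System.out.println(token);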
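
For integrations that do not run on Java, the same token can be built with only the Python standard library. This is an added example, not Clinked's own code: it signs with the hex-decoded secret, self-checks the signature, and URL-encodes the login link. The sample secret, the `portal.example.com` host and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Constructed sample value, not a real Clinked secret: 128 hex chars = 64 key bytes.
SAMPLE_SECRET_HEX = "00112233445566778899aabbccddeeff" * 4

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWT uses for each segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def decode_secret(secret_hex: str) -> bytes:
    """The key is the hex-DECODED secret, not the hex text as shown in settings."""
    return bytes.fromhex(secret_hex.strip())

def sign_token(key: bytes, email: str) -> str:
    """Build an HS512 JWT whose subject is the user's email."""
    header = b64url(json.dumps({"alg": "HS512"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps({"sub": email}, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha512)
    return f"{header}.{payload}.{b64url(mac.digest())}"

def verify_token(key: bytes, token: str) -> bool:
    """Local self-check before redirecting: pinned algorithm, constant-time compare."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        return False  # never let the token's own header choose the algorithm
    mac = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha512)
    return hmac.compare_digest(mac.digest(), sig)

def login_url(base: str, token: str, return_to: str = "") -> str:
    """Append the page's /uaa/login/jwt path; urlencode escapes returnTo safely."""
    params = {"token": token}
    if return_to:
        params["returnTo"] = return_to
    return f"{base}/uaa/login/jwt?{urlencode(params)}"

if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_HEX)
    token = sign_token(key, "email@email.com")
    print(verify_token(key, token))
    print(login_url("https://portal.example.com", token))
```

A token signed with the hex text itself as the key (`SAMPLE_SECRET_HEX.encode()`) fails `verify_token` against the decoded key, which is the usual cause of a rejected signature in this kind of setup.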

There is no Just-In-Time (JIT) provisioning. The user must already be present in the portal before authentication.