Enhancing agent authentication using JSON Web Tokens
Use JSON Web Tokens to enhance agent authentication.
A JSON Web Token (JWT) is a standardized, self-contained access token which makes it possible for two parties to securely exchange data. Authentication information, expiry time information, and other user-defined claims are digitally signed, so that no database queries are required and the session does not need to be stored on a server.
JWT is especially suited for authentication purposes. Its short messages can be encrypted and securely convey who the sender is and whether they have the necessary access rights. It is also very useful in REST applications because it keeps the protocol stateless: the information for the authentication is sent with the request.
JWT ensures mutual authentication between the master domain manager and dynamic agents. Using JWT is easier and more immediate than downloading and maintaining certificates and, in a containerized environment, you no longer need to configure the ingress controller for SSL passthrough. For more information about JWT on containers, see the Ingress controller section in HCL Workload Automation Server.
For more information about configuring security and authentication, see Connection security overview.
To download the JWT on your dynamic agents at installation time, use the jwt parameter as explained in Agent installation parameters - twsinst script. You can also download the JWT at a later time as explained in Certificates download to dynamic agents - AgentCertificateDownloader script.
You can find some installation examples in Example installation commands.
You can also revoke a JWT simply by deleting the workstation definition where the JWT is installed. For more information about deleting a scheduling object from the command line and Dynamic Workload Console, see Revoking and reissuing a JSON Web Token.
Ensure that date and time are aligned across your network and that there are no significant network delays, because either condition might prevent JWT from working.
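The following added example is not HCL Workload Automation code. It illustrates why a signed, self-contained token needs no server-side session lookup and why clock misalignment or delay makes a valid token fail. It assumes HS256 with a constructed demo key, the standard iat and exp claims, and a hypothetical agent name; the algorithm and claims the product actually uses are not described on this page.

```python
import base64, hashlib, hmac, json

def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Sign claims as a compact HS256 JWT: header.payload.signature."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(_enc(json.dumps(p).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_enc(sig)}"

def verify(token: str, key: bytes, now: int, leeway: int = 0) -> dict:
    """Return the claims if signature and validity window check out, else raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, sig = json.loads(_dec(h)), _dec(s)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # pin the algorithm on the verifier side
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_dec(p))  # parsed only after the signature verified
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("missing iat/exp")
    if now + leeway < iat:
        raise ValueError("not yet valid: verifier clock is behind the issuer")
    if now - leeway >= exp:
        raise ValueError("expired: verifier clock is ahead, or delivery was delayed")
    return claims

def outcome(token: str, key: bytes, now: int, leeway: int = 0) -> str:
    try:
        verify(token, key, now, leeway)
        return "accepted"
    except ValueError as exc:
        return str(exc)

# Constructed sample values: demo key, hypothetical agent name, fixed issue time.
KEY, T0 = b"constructed-demo-key", 1_700_000_000
TOKEN = issue({"sub": "AGENT_A", "iat": T0, "exp": T0 + 300}, KEY)
if __name__ == "__main__":
    for skew, leeway in ((10, 0), (-120, 0), (-120, 180), (600, 0)):
        print(f"skew {skew:+d}s leeway {leeway}s -> {outcome(TOKEN, KEY, T0 + skew, leeway)}")
```

A small leeway absorbs minor skew, but clock synchronization remains the fix, because a wide leeway also extends how long an expired token is accepted.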