Hi, I'm Ask INFA!
What would you like to know?
ASK INFAPreview
Please to access Bolo.
Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Administrator
  • All Products

Table of Contents

Search

  1. Connectors and connections
  2. Connection configuration
  3. Connection properties
  4. Swagger file generation for REST V2 connections

Connections

Connections

Back Next

JWT bearer token authentication

JWT bearer token authentication

When you set up a REST V2 connection, you must configure the connection properties.
The following table describes the REST V2 connection properties when you use JWT bearer token authentication:
Connection property
Description
Connection Name
Name of the connection.
Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -,
Maximum length is 255 characters.
Description
Description of the connection. Maximum length is 4000 characters.
Type
The REST V2 connection type.
Runtime Environment
Name of the runtime environment where you want to run the tasks.
Select a Secure Agent, Hosted Agent, or serverless runtime environment.
You cannot run a streaming ingestion task on a Hosted Agent or serverless runtime environment.
Authentication
The authentication method that the REST V2 Connector must use to connect to the REST endpoint.
Select
JWT Bearer Token
.
JWT Header
JWT header in JSON format.
Sample:
{
"alg":"RS256",
"kid":"xxyyzz"
}
You can configure
HS256
 and
RS256
 algorithms.
JWT Payload
JWT payload in JSON format.
Sample:
{
"iss":"abc",
"sub":"678",
"aud":"https://api.box.com/oauth2/token",
"box_sub_type":"enterprise",
"exp":"120"
,
"jti":"3ee9364e"
}
The expiry time represented as
exp
 is the relative time in seconds. The expiry time is calculated in the UTC format from the token issuer time (
iat
).
When
iat
 is defined in the payload and the expiry time is reached, mappings and Generate Access Token will fail. To generate a new access token, you must provide a valid
iat
 in the payload.
If
iat
 is not defined in the payload, the expiry time is calculated from the current timestamp.
To pass the expiry time as a string value, enclose the value with double quotes. For example:
"exp":"120"
,
To pass the expiry time as an integer value, do not enclose the value with double quotes.
For example,
"exp":120
,
Authorization Server
Access token URL configured in your application.
Authorization Advanced Properties
Additional parameters to use with the access token URL. Parameters must be defined in the JSON format.
For example,
[\{"Name":"client_id","Value":"abc"},\{"Name":"client_secret","Value":"abc"}]
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts
.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example,
/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Path
Mandatory. The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example,
/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
Mandatory. The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Private Key Alias
Mandatory. Alias name of the private key used to sign the JWT payload.
Private Key Password
Mandatory. The password for the keystore file required for secure communication. The private key password must be same as the keystore password.
Access Token
Enter the access token value or click
Generate Access Token
 to populate the access token value.
To pass the generate access token call through a proxy server, you must configure an unauthenticated proxy server at the Secure Agent level. The REST V2 connection-level proxy configuration does not apply to the generate access token call.
Swagger File Path
The path of the Swagger file or OpenAPI file.
You can specify one of the following file paths:
  • Absolute path along with the file name
  • Hosted URL
If you provide the absolute path of the swagger file or OpenAPI file, the file must be located on the Secure Agent machine.
The hosted URL must return the content of the file without prompting for further authentication and redirection.
For example, the path of the swagger file can be:
C:\swagger\sampleSwagger.json
The user must have the read permission for the folder and the file.
In a
streaming ingestion
 task, use only a hosted URL of the swagger specification file as the swagger file path.
Proxy Type
Type of proxy. You can select one of the following options:
  • No Proxy. Bypasses the proxy server configured in the agent or the connection properties.
  • Platform Proxy. Considers the proxy configured in the agent.
  • Custom Proxy. Considers the proxy configured in the connection properties.
Proxy Configuration
The format required to configure proxy.
You can configure proxy using the following format:
<host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the agent uses when connecting to a REST endpoint.
You can specify the following arguments, each separated by a semicolon (
;
):
  • ConnectionTimeout
    . The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
    If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
  • connectiondelaytime
    . The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
  • retryattempts
    . Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
  • qualifiedSchema
    . Determines if the schema selected is qualified or unqualified. Default is false.
For example,
connectiondelaytime:10000;retryattempts:5
In a
streaming ingestion
 task, only
ConnectionTimeout
 and
retryattempts
 are applicable.
The
HS256
 algorithm support in
JWT Header
 is available for preview. Preview functionality is supported for evaluation purposes but is unwarranted and is not production-ready. Informatica recommends that you use in non-production environments only. Informatica intends to include the preview functionality in an upcoming release for production use, but might choose not to in accordance with changing market or technical circumstances. For more information, contact Informatica Global Customer Support. To use the functionality, your organization must have the appropriate licenses.
0 COMMENTS
We’d like to hear from you!