Example: Use a locally configured trusted certificate
The following example configures a JWT access token validator to use a locally stored public signing certificate to validate access token signatures. The signing certificate is assumed to have been obtained out-of-band and must be a PEM-encoded X.509v3 certificate.
# Create an identity mapper that expects the token subject to be a uid
dsconfig create-identity-mapper \
  --mapper-name "User ID Identity Mapper" \
  --type exact-match \
  --set enabled:true \
  --set match-attribute:uid \
  --set match-base-dn:ou=people,dc=example,dc=com

# Add the public signing certificate to the server configuration
# (the "property<file" form reads the property value from the named file)
dsconfig create-trusted-certificate \
  --certificate-name "JWT Signing Certificate" \
  --set "certificate</path/to/signing-certificate.pem"

# Create the Access Token Validator
dsconfig create-access-token-validator \
  --validator-name "JWT Access Token Validator" \
  --type jwt \
  --set enabled:true \
  --set evaluation-order-index:1000 \
  --set allowed-signing-algorithm:RS256 \
  --set "trusted-certificate:JWT Signing Certificate" \
  --set "identity-mapper:User ID Identity Mapper"
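A pre-flight check for the certificate file, added here as an example and not part of the original page: it uses openssl to confirm that the file dsconfig is about to read is a PEM-encoded X.509v3 certificate (not a bare public key or a private key) carrying an RSA key, which is what the RS256 restriction above requires. The function name check_signing_cert is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original page. Checks that a PEM file meets
# the requirements the JWT access token validator places on its trusted
# certificate before it is loaded with "dsconfig create-trusted-certificate".
# Returns 0 when the file is a PEM X.509v3 certificate with an RSA public key.
check_signing_cert() {
  cert="$1"

  # Must be a certificate block: a bare PUBLIC KEY or PRIVATE KEY block
  # is not accepted by the "certificate" property.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" \
    || { echo "not a PEM certificate: $cert"; return 1; }

  # Parse it once and inspect the textual dump.
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) \
    || { echo "cannot parse certificate: $cert"; return 1; }

  # X.509v3 is required ("Version: 3 (0x2)" in the openssl dump).
  echo "$text" | grep -q 'Version: 3' \
    || { echo "not an X.509v3 certificate: $cert"; return 1; }

  # RS256 is RSASSA-PKCS1-v1_5 with SHA-256; an EC or Ed25519 key can
  # never verify a token signed with RS256.
  echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' \
    || { echo "public key is not RSA (RS256 needs RSA): $cert"; return 1; }

  # Report expiry so the certificate can be rotated before it lapses.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired: $cert"; return 1; }

  echo "ok: $cert is an RSA X.509v3 certificate"
  return 0
}
```

Run it as `check_signing_cert /path/to/signing-certificate.pem` before the dsconfig command; a non-zero exit names the failing requirement.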