JWT tokens are self-contained; they usually carry the user name and the user’s roles, amongst other, self-defined claims. Thus, for JWT authentication, you do not need the internal user database at all. The internal user database is only useful if you do not have any other means of authentication/authorization.
The concept is really simple:
The JWT token contains user information and role information in JSON format, as the name implies.
First, tell SG where to find this information in the JWT by setting the following configuration keys in sg_config.yml:
subject_key: <key for the user name / subject>
roles_key: <key for the user's roles>
Then simply map the user name, the roles, or both in sg_roles_mapping according to your needs. This will map the JWT to one or more SG roles where you can then define the respective access permissions.
On Monday, October 16, 2017 at 11:21:28 AM UTC+2, Paul Azad wrote:
Can I get some clarification on JWT, as we are considering using Kibana/SG (using JWT) for our web app? I have looked at the documentation.
I can see there are sample configurations for the SG configuration, but I am looking for clarification on the payload.
I have done some research on JWT - and I understand the concept - but am struggling to put that concept into the SG world.
If we are going to have 20 users, and 10 roles (for example), do we need to add the users to the SG internal DB? Or do we just add the roles into the internal DB and have the role passed in the payload?
Also which fields are required in the payload?
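
The flow described in the reply above, as an added illustration that is not part of the thread and is not Search Guard's own code: verify the token, read the user and roles from the claims named by subject_key and roles_key, then resolve SG roles from a mapping. The claim names, signing secret and mapping contents are constructed assumptions, and expiry checking is left out.

```python
import base64, hashlib, hmac, json

# Constructed values standing in for sg_config.yml settings (assumptions).
SUBJECT_KEY = "sub"      # subject_key
ROLES_KEY = "roles"      # roles_key
SIGNING_KEY = b"constructed-demo-secret"

# Constructed stand-in for sg_roles_mapping: SG role -> JWT users / JWT roles.
ROLES_MAPPING = {
    "sg_kibana_user": {"users": [], "roles": ["analyst", "admin"]},
    "sg_all_access": {"users": ["paul"], "roles": ["admin"]},
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64url(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def make_token(claims, key=SIGNING_KEY):
    """Build an HS256-signed token; used here only to create sample input."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, header + b"." + body, hashlib.sha256).digest()
    return b".".join([header, body, _b64url(sig)]).decode()

def resolve(token, key=SIGNING_KEY):
    """Verify the signature, then return (user, sorted list of SG roles)."""
    try:
        header, body, sig = token.encode().split(b".")
        alg = json.loads(_unb64url(header)).get("alg")
        given = _unb64url(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    expected = hmac.new(key, header + b"." + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    user = claims.get(SUBJECT_KEY)
    if not user:
        raise ValueError("subject claim missing")
    roles = claims.get(ROLES_KEY, [])
    if isinstance(roles, str):  # accept "a,b" as well as ["a", "b"]
        roles = [r.strip() for r in roles.split(",") if r.strip()]
    return user, sorted(
        name for name, m in ROLES_MAPPING.items()
        if user in m["users"] or set(roles) & set(m["roles"])
    )
```

No user record is looked up anywhere: the only per-user state is what the signed payload carries, which is why the signature check comes before any claim is read.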