1. Symphony Help Center
  2. Symphony Administrators
  3. Troubleshooting

How to generate JWT/RSA tokens

Avatar
Alex Nalin
Generate a JSON Web Token (JWT)/RSA Token by following these steps:
 

1. From Terminal, run the following 2 commands to create an RSA key pair (Figure 1):

openssl genrsa -out mykey.pem 4096

openssl rsa -in mykey.pem -pubout -out pubkey.pem

Figure 1 RSA Key Pair Commands
 
2. To import the public key to the Pod, create a Service account (or use an existing one) and replace the value of the current public key with the newly generated pubkey.pem (Figure 2 and Figure 3):

2.png
Figure 2 Current Public Key

3.png
Figure 3 Replace

3. To generate a signed JWT, download the jwt-helper from the following URL:
 
https://filevault.symphony.com/index.php/s/BisoLiomZWLrijW
 
Note: The password is Symphony@123
 
4. Ensure the jwt-helper.jarthe mykey.pem and the pubkey.pem are present in the same folder (Figure 4):
 
 
Figure 4 RSA Folder
 
5. Run the following command via a Bash/Terminal/Linux based OS to receive the JWT Token (Figure 5 and Figure 6):
 
java -jar jwt-helper.jar -user AlexBotRSA -key mykey.pem
 
Figure 5 Command
 
Note: Where AlexBotRSA is the username of the Service Account and mykey.pem is the pem from step 1
 
6.png
Figure 6 JWT Token
 

6. Within 5 minutes of the JWT Token being generated, use the following endpoints to generate the sessionToken and keyManagerToken:

Via Postman:

Header: Content-Type
Value: application/json

sessionToken: (no port needed)
https://podname.symphony.com/login/pubkey/authenticate


{
  "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiZXhwIjoxNTMxODIxMDQ0fQ.PzsEdray7qMtJCAm0ywfsn9I639ZI4AZ0UNJD4zAnYn9s6NqmA30KT33RRI1AvQOjpEhRG45OKgbBHfpA0vyBhkP5zr_JeG-pr2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpYjvg9Z7PPxY3Gu8kJQsV1k26wcUunFULs1rQCtUDuFFfBRdruIQLyKV3INmL2E0_m5WLzYmdiAlFvOFrZDtuadvWQCB3IYwM8qpXywcrN8-zDyHnOqC2CvhdhFkS_cz6IecvD1py4RB5gtjYlHFWfe6rm-zEbCGpBYpD_77DiFGXnpI-8nMBg1Tr1onDXHMN9Wkp3brQ_oXLLWQcduur3EL5N8a3MWfviS5kKh4QI7w0Y_Q6beP5u9PywAOLuKL2RaUXBC7N7BV3jSxurzaTWaBWmjN-DgweqHcTbxcdTnNxbseSeP569JL8NR2xz99l5M7uH1P72jlW9_ad-CZqKHTleG5_E4ncHJW7Y3TJosmEWeolMSxr-xkgmIkVw4kEcBiYFoc77ezIgQrMzu8AbI_4jv8"
}

You will receive the following response:

{
    "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiaXNzIjoic3ltcGhvbnkiLCJzZXNzaW9uSWQiOiJlYWExZTkzMzFlNGI1ZTUzODI1MDZjNzI3YjkxMTUyZGRjZDY3OTljNzM5MmI3YjIwOTQyNDE0NTZkODc1MDEwOxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGEH3hd-LZv2uly_IKXxdS8uR6a4c3H7Gp7muw3487RRplIPOvsQsv6jd488UP_YbQOs6O__WP1HW7vMxO6RwTW9vRaH3qbrB97JsfFGX090mzbcvjhxBoqW_y37yTr9at7fJinIaC6qKfwicfrSdBrFJHuf9_ZxOdk9PoAQSO-bylRZBsIk4chUvgOBKDgbYaGvlIIzsyYl9XOkr3OWVELS2XXIWejaErKvvri3GYECCUYb4Ptf_1lLqxgkgM2MrUrmY0uR448zhMH2i2BrDK_kOeMvDitS3lNoSjPoApM915GQ",
    "name": "sessionToken"
}

keyManagerToken: (no port needed)
https://podname.symphony.com/relay/pubkey/authenticate


{
  "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiZXhwIjoxNTMxODIxMDQ0fQ.PzsEdray7qMtJCAm0ywfsn9I639ZI4AZ0UNJD4zAnYn9s6NqmA30KT33RRI1AvQOjpEhRG45OKgbBHfpA0vyBhkP5zr_JeG-pr2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpYjvg9Z7PPxY3Gu8kJQsV1k26wcUunFULs1rQCtUDuFFfBRdruIQLyKV3INmL2E0_m5WLzYmdiAlFvOFrZDtuadvWQCB3IYwM8qpXywcrN8-zDyHnOqC2CvhdhFkS_cz6IecvD1py4RB5gtjYlHFWfe6rm-zEbCGpBYpD_77DiFGXnpI-8nMBg1Tr1onDXHMN9Wkp3brQ_oXLLWQcduur3EL5N8a3MWfviS5kKh4QI7w0Y_Q6beP5u9PywAOLuKL2RaUXBC7N7BV3jSxurzaTWaBWmjN-DgweqHcTbxcdTnNxbseSeP569JL8NR2xz99l5M7uH1P72jlW9_ad-CZqKHTleG5_E4ncHJW7Y3TJosmEWeolMSxr-xkgmIkVw4kEcBiYFoc77ezIgQrMzu8AbI_4jv8"
}

You will receive the following response:

{
    "token": '01003fffe37203f4f3b88d9f9a8d73a5b412c9e132f9e34e5f647f841fd66330a5e4807af937b7e3e655ac08449ad86cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6c9023d00193d0db3434235a19f372a0ceff90078daa521896825bd47649ef63e888d603d9e7fd5e96379c2b447a74e139d7c7e0cd8b7d8e05bcf6ebd271bc04aea52373f2924127af3432e74b1b2c4f89081cd979833ea62215f8',
    "name": "keyManagerToken"
}

Via Curl:

RSA Session Token:

curl 'https://podname.symphony.com/login/pubkey/authenticate' -X POST -H 'Content-Type: application/json' -d '{"token""JWT token from JWT-Helper.jar"}'

RSA KM Token:

curl 'https://podname-km.symphony.com/relay/pubkey/authenticate' -X POST -H 'Content-Type: application/json' -d '{"token""JWT token from JWT-Helper.jar"}'

Via JCurl:

Navigate to the following URL to generate the required Tokens:

https://github.com/symphonyoss/JCurl
 

RSA Session Token:

java -jar jcurl.jar -d '{"token": "your JWT-Helper generated token"}' https://podname.symphony.com/login/pubkey/authenticate

RSA KM Token:

java -jar jcurl.jar -d '{"token": "your JWT-Helper generated token"}' https://podname-km.symphony.com/relay/pubkey/authenticate

Optional Steps

To verify the tokens:
 
Navigate to the following URL:
 

https://jwt.io/

Paste the JWT from step 3 into the Encoded field and in the Verify Signature field, enter the value from pubkey.pem in the public field and the value from mykey.pem in the private key field.

 
To test the tokens:

Call the echo endpoint:
 

https://YOUR_POD_SUBDOMAIN.symphony.com/agent/v1/util/echo

Note: Where YOUR_POD_SUBDOMAIN is the name of your Pod

Use the RSA sessionAuth and RSA Keyauth from step 6 to receive the following:

{'message': 'Hello World'}

Based on your company's settings, the features in this article may not be applicable to you. Please contact your Symphony Admin or IT department with any questions.

Articles in this section

See more