How to generate JWT/RSA tokens

Generate a JSON Web Token (JWT)/RSA Token by following these steps:
 

1. From a Terminal session, run the following 2 commands to create an RSA key pair (Figure 1):

openssl genrsa -out mykey.pem 4096

openssl rsa -in mykey.pem -pubout -out pubkey.pem
Figure 1 RSA key pair commands
 
2. To import the Public Key to the pod, create a Service account (or use an existing one) and replace the value of the current Public Key with the newly generated pubkey.pem (Figure 2 and Figure 3):

mceclip0.png
Figure 2 Current Public Key

 

3.png
Figure 3 Replace

 

3. To generate a signed JWT, download the jwt-helper here.  
 
Note: The password is Symphony@123.
 
4. Ensure the jwt-helper.jarthe mykey.pem and the pubkey.pem are present in the same folder (Figure 4):
 
 
Figure 4 RSA folder
 
5. Run the following command via a Terminal session to receive the JWT Token (Figure 5 and Figure 6):
java -jar jwt-helper.jar -user AlexBotRSA -key mykey.pem
Figure 5 Command
 
Note: Where AlexBotRSA is the username of the Service Account and mykey.pem is the pem from step 1.
 
6.png
Figure 6 JWT token
 

6. Within 5 minutes of the JWT Token being generated, use the following endpoints to generate the sessionToken and keyManagerToken:

 

Via Postman:

Header: Content-Type.
Value: application/json.

sessionToken: (no port needed):
https://companyabc.symphony.com/login/pubkey/authenticate

{
  "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiZXhwIjoxNTMxODIxMDQ0fQ.PzsEdray7qMtJCAm0ywfsn9I639ZI4AZ0UNJD4zAnYn9s6NqmA30KT33RRI1AvQOjpEhRG45OKgbBHfpA0vyBhkP5zr_JeG-pr2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpYjvg9Z7PPxY3Gu8kJQsV1k26wcUunFULs1rQCtUDuFFfBRdruIQLyKV3INmL2E0_m5WLzYmdiAlFvOFrZDtuadvWQCB3IYwM8qpXywcrN8-zDyHnOqC2CvhdhFkS_cz6IecvD1py4RB5gtjYlHFWfe6rm-zEbCGpBYpD_77DiFGXnpI-8nMBg1Tr1onDXHMN9Wkp3brQ_oXLLWQcduur3EL5N8a3MWfviS5kKh4QI7w0Y_Q6beP5u9PywAOLuKL2RaUXBC7N7BV3jSxurzaTWaBWmjN-DgweqHcTbxcdTnNxbseSeP569JL8NR2xz99l5M7uH1P72jlW9_ad-CZqKHTleG5_E4ncHJW7Y3TJosmEWeolMSxr-xkgmIkVw4kEcBiYFoc77ezIgQrMzu8AbI_4jv8"
}

You will receive the following response:

{
    "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiaXNzIjoic3ltcGhvbnkiLCJzZXNzaW9uSWQiOiJlYWExZTkzMzFlNGI1ZTUzODI1MDZjNzI3YjkxMTUyZGRjZDY3OTljNzM5MmI3YjIwOTQyNDE0NTZkODc1MDEwOxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGEH3hd-LZv2uly_IKXxdS8uR6a4c3H7Gp7muw3487RRplIPOvsQsv6jd488UP_YbQOs6O__WP1HW7vMxO6RwTW9vRaH3qbrB97JsfFGX090mzbcvjhxBoqW_y37yTr9at7fJinIaC6qKfwicfrSdBrFJHuf9_ZxOdk9PoAQSO-bylRZBsIk4chUvgOBKDgbYaGvlIIzsyYl9XOkr3OWVELS2XXIWejaErKvvri3GYECCUYb4Ptf_1lLqxgkgM2MrUrmY0uR448zhMH2i2BrDK_kOeMvDitS3lNoSjPoApM915GQ",
    "name": "sessionToken"
}

keyManagerToken: (no port needed):
https://companyabc.symphony.com/relay/pubkey/authenticate

{
  "token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiJBbGV4Qm90UlNBIiwiZXhwIjoxNTMxODIxMDQ0fQ.PzsEdray7qMtJCAm0ywfsn9I639ZI4AZ0UNJD4zAnYn9s6NqmA30KT33RRI1AvQOjpEhRG45OKgbBHfpA0vyBhkP5zr_JeG-pr2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpYjvg9Z7PPxY3Gu8kJQsV1k26wcUunFULs1rQCtUDuFFfBRdruIQLyKV3INmL2E0_m5WLzYmdiAlFvOFrZDtuadvWQCB3IYwM8qpXywcrN8-zDyHnOqC2CvhdhFkS_cz6IecvD1py4RB5gtjYlHFWfe6rm-zEbCGpBYpD_77DiFGXnpI-8nMBg1Tr1onDXHMN9Wkp3brQ_oXLLWQcduur3EL5N8a3MWfviS5kKh4QI7w0Y_Q6beP5u9PywAOLuKL2RaUXBC7N7BV3jSxurzaTWaBWmjN-DgweqHcTbxcdTnNxbseSeP569JL8NR2xz99l5M7uH1P72jlW9_ad-CZqKHTleG5_E4ncHJW7Y3TJosmEWeolMSxr-xkgmIkVw4kEcBiYFoc77ezIgQrMzu8AbI_4jv8"
}

You will receive the following response:

{
    "token": '01003fffe37203f4f3b88d9f9a8d73a5b412c9e132f9e34e5f647f841fd66330a5e4807af937b7e3e655ac08449ad86cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx6c9023d00193d0db3434235a19f372a0ceff90078daa521896825bd47649ef63e888d603d9e7fd5e96379c2b447a74e139d7c7e0cd8b7d8e05bcf6ebd271bc04aea52373f2924127af3432e74b1b2c4f89081cd979833ea62215f8',
    "name": "keyManagerToken"
}

Note: Where companyabc is the name of your pod.

 

Via Curl:

RSA Session Token:

curl 'https://companyabc.symphony.com/login/pubkey/authenticate' -X POST -H 'Content-Type: application/json' -d '{"token""JWT token from JWT-Helper.jar"}'

RSA KM Token:

curl 'https://companyabc-km.symphony.com/relay/pubkey/authenticate' -X POST -H 'Content-Type: application/json' -d '{"token""JWT token from JWT-Helper.jar"}'

Note: Where companyabc is the name of your pod.


Via JCurl:

Navigate here to generate the required tokens.

 

RSA Session Token:

java -jar jcurl.jar -d '{"token": "your JWT-Helper generated token"}' https://companyabc.symphony.com/login/pubkey/authenticate

RSA KM Token:

java -jar jcurl.jar -d '{"token": "your JWT-Helper generated token"}' https://companyabc-km.symphony.com/relay/pubkey/authenticate

Note: Where companyabc is the name of your pod.


Optional steps

Navigate here to verify the tokens.
 

Paste the JWT from step 5 into the Encoded field and in the Verify Signature field, enter the value from pubkey.pem in the public field and the value from mykey.pem in the Private Key field.

 
To test the tokens, call the echo endpoint below:

https://companyabc.symphony.com/agent/v1/util/echo
 

Note: Where companyabc is the name of your pod.

 

Use the RSA sessionAuth and RSA Keyauth from step 6 to receive the following message:

{'message': 'Hello World'}