Skip to Content
Technical Articles

SAP Commissions – JWT Authentication

JWT-based Authentication

The basic thing you need to understand JWT-based authentication is that you’re dealing with an encrypted JSON which we’ll call “token”. This token has all the information required for the back-end system to understand who you are and if, indeed, you are who you say you are.

 

So, let’s get into it.

Step 1 – Generate a private key.

You can generate a private key with the openssl tool using Gitbash

openssl genrsa -out private_jwt.key 2048

2. Generate a public key.

Again, we use openssl to generate the public key for the private key created in above scenario 1

openssl rsa -in private_jwt.key -pubout -outform PEM -out public_jwt_key.pub

The public key is stored in the file public_jwt_key.pub. It is used later by Commissions to verify the JWT token signature during the logon.

Step 2. Select Commissions user with authentication type JWT and upload the public key.

Go to SAP Commission > User Administration > Select your User and follow the steps

Step 3. Generate a JWT token.

Install Node and NPM to get jwtgen Package (https://www.npmjs.com/package/jwtgen)

npm i jwtgen

Command to generate JWT Token

jwtgen -e 3000 -c "sub=D00000000000001" -c "aud=https://0509.callidusondemand.com" -a RS256 -p JWT-Auth.key

Screenshot for JWT Token

 

SAP Commissions performs the following validations on the JWT token:

  • The aud claim in the token is equal to the Commissions server URL.
  • The iss claim in the token contains a Commissions user id of authentication type JWT.
  • The token signature is successfully verified with the public key stored with the Commissions user.
  • The token is valid and not yet expired.

Step 4. Authenticate against Commissions with the JWT token.

GET Method :

https://<tenantid>.callidusondemand.com/CallidusPortal/services/Authentication/isAuthenticated

If this API call is successful, a response with {} will appear.

Known Error

  • Public Key is limited to one user for JWT Authentication


Decoded Headers

{
  "typ": "JWT",
  "alg": "RS256"
}

Decoded Payload

{
  "iat": 1616780333,
  "exp": 1616783333,
  "sub": "D00000000000001",
  "aud": "https://0509.callidusondemand.com"
}

 

4 Comments
You must be Logged on to comment or reply to a post.