Accessing the Web Client with JSON Web Tokens (Tools Release 9.2.5.4)
Starting with Tools Release 9.2.5.4, you can use JWT to access the EnterpriseOne Web
Client and Orchestrator Studio and establish a session with a browser. To do this, you
must include JWT in the URL by using the following access_token
parameter:
https://<MyE1HTMLServer>/jde/E1Menu.maf?access_token=eyJ4NXQiOiJxd0Vhttps://<MyAISServer>/studio/studio.html?access_token=eyJ4NXQiOiJxd0VAdditionally, you can use the JWT with an application shortcut (Parameterized URL) as shown in this example:
https://<MyE1HTMLServer>/jde/ShortcutLauncher?OID=P01012_W01012B_ZJDE0001& access_token=eyJ4NXQiOiJxd0VNote: It is recommended by Oracle that single-use JWT are used for this purpose.
You must include the following assertions in your JWT payload to ensure that single-use JWT are used:
- jti : This assertion must be unique for every JWT.
- at_use_nbr: The value of this assertion must be
1.The value1indicates that you can log in to the web client only once using this token. - Prn, sub, or upn: Any of these assertions can be used for the JD Edwards EnterpriseOne user ID.
This is an example of a recommended payload for the JWT:
{
"jti":"caf728cb-44d0-4f4b-bacf-7d588f7c3f1f",
"prn":"E1USER",
"iat":1616427984,
"exp":1616428104,
"iss":"issuer",
"at_use_nbr":1
}
Note: After the token is validated and a session is established, the browser will navigate
to the EnterpriseOne main page. You can also use a shortcut to navigate directly to
the required application. The system then removes the JWT from the URL.