4 Configure JWT Authentication

You can optionally configure JWT-based authentication between the Intelligent Media Connector and the Media Flow Engines and RTP Proxies.

JWT-based authentication must be enabled globally within the environment. Either it is disabled everywhere, or it is enabled:
  • between the Intelligent Media Connector and every MFE
  • between the Intelligent Media Connector and every RTP Proxy

Mixed modes, with authentication enabled between some nodes and not others, are not supported.

Enable JWT Authentication for the MFE

  1. Connect to the VM where you installed the MFE.
  2. Navigate to the MFE's config directory.
    cd media-flow-engine-8.3.0.0.0-MFE/MFE_HOME/config/
  3. In the application.yaml file, set the security.jwt.enabled property to true.
    security:
      jwt:
        enabled: true
        public-key:
          path: ../security/public.pem

Enable JWT Authentication for the RTP Proxy

  1. Connect to the VM where you installed the RTP Proxy.
  2. Navigate to the RTP Proxy's config directory.
    cd ORACLE_HOME/config/
  3. Set the jwt.enabled parameter to true.
    "jwt": {
      "_comment": "Enable JWT verification for protected endpoints. Public key is loaded from $RP_CONFIG_PATH/security/public.pem.",
      "enabled": true
    },

Generate a Private Key

  1. On the VM where Converged Application Server is installed, navigate to the Oracle Home directory.
  2. In the Oracle Home directory, generate a new private key to encrypt node-to-node communications.
    openssl genrsa -out private.pem 2048
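
The MFE and RTP Proxy settings above load a public.pem, but the steps do not show how that file is produced. The following added example (not part of the product documentation) assumes public.pem is the PEM-encoded public half of the private.pem generated in this step; the function names and the working directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumption: the public.pem read by the MFE (../security/public.pem) and the
# RTP Proxy ($RP_CONFIG_PATH/security/public.pem) is the public half of the
# RSA private.pem generated on the Converged Application Server VM.

# Generate private.pem with owner-only permissions and derive public.pem from it.
# $1 = directory to write both files into (hypothetical working directory).
make_jwt_keypair() {
    dir=$1
    (
        umask 077    # private.pem is created readable by its owner only
        openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null
    ) || return 1
    # Only public.pem is copied to the verifying nodes; private.pem stays put.
    openssl rsa -in "$dir/private.pem" -pubout -out "$dir/public.pem" 2>/dev/null
}

# Check that a deployed public.pem really belongs to the given private key.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
jwt_keys_match() {
    priv=$1
    pub=$2
    # Re-derive the public key from the private key in normalized PEM form.
    derived=$(openssl pkey -in "$priv" -pubout 2>/dev/null) || return 2
    # Re-encode the deployed public key the same way so the text is comparable.
    deployed=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null) || return 2
    [ -n "$derived" ] && [ "$derived" = "$deployed" ]
}

# Typical use after copying public.pem to a node:
#   jwt_keys_match private.pem /path/to/copied/public.pem && echo "key pair matches"
```

A mismatch here means tokens signed with private.pem would fail verification on that node, which is worth ruling out before enabling JWT authentication everywhere at once.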

Load the Private Key at Startup

  1. Open the domain environment file: <Domain_Home>/bin/setDomainEnv.sh.
  2. Add the following option to the JAVA_OPTIONS parameter.
    -Doracle.sdp.mgs.jwt.pem.path=$ORACLE_HOME/private.pem
  3. Start the Converged Application Server.