5 Configure JWT Authentication

You can optionally configure JWT-based authentication between the Converged Application Server signalling cluster and the Media Flow Engines (MFEs), RTP Proxies, and Intelligent AI Connectors (IACs).

JWT authentication has two settings: enabled globally or disabled globally. By default, it is enabled and applies:

• between the Converged Application Server signalling cluster and every MFE
• between the Converged Application Server signalling cluster and every RTP Proxy
• between the Converged Application Server signalling cluster and every IAC

Mixed modes – with authentication enabled between some nodes and not others – is not supported.

Enable JWT Authentication for the MFE

1. Connect to the VM where you installed the MFE.
2. Navigate to the MFE's config directory.

   cd media-flow-engine-8.3.0.0.0-MFE/MFE_HOME/config/

3. In the application.yaml file, set the security.jwt.enabled property to true.

   security:
     jwt:
       enabled: true
       public-key:
         path: ../security/public.pem

Enable JWT Authentication for the RTP Proxy

4. Connect to the VM where you installed the RTP Proxy.
5. Navigate to the RTP Proxy's config directory.

   cd ORACLE_HOME/config/

6. Set the jwt.enabled parameter to true.

       "jwt": {
         "_comment": "Enable JWT verification for protected endpoints. Public key is loaded from $RP_CONFIG_PATH/security/public.pem.",
         "enabled": true
       },

Enable JWT Authentication for the AI Connector

7. Edit the IAC configuration file in <IAC_HOME>/config/application.yaml.
8. Set the security.jwt.enabed property to true to enable JWT Authentication.

   security:
     jwt:
       enabled: true

Generate a Private Key

9. On the VM where Converged Application Server is installed, navigate to the Oracle Home directory.
10. In the Oracle Home directory, generate a new private key to encrypt node-to-node communications.

    openssl genrsa -out private.pem 2048

Load the Private Key at Startup

11. Open the domain environment file: DOMAIN_HOME/bin/setDomainEnv.sh.
12. Add the following options to the JAVA_OPTIONS parameter.

    -Doracle.sdp.mgs.jwt.pem.path=$ORACLE_HOME/private.pem
    -Doracle.occas.ags.jwt.pem.path=$ORACLE_HOME/private_aic.pem

13. Start the Converged Application Server.