JWT token and GetClientPrincipal() - Forum - Community Groups - Progress Community

This question is not answered

Using Progress version 11.7.4 PASOE

I'm trying to follow the document "PAS for OpenEdge JWT and OAuth2 samples 2017-11-21.pdf", but I get an error in program idmActivate.p. In my logging I get the following lines:
From idmStartup.p

09/11/2018 08:53:38,072+01:00 loaded domain JWTdomain
09/11/2018 08:53:38,077+01:00 loaded key 1a051b2c373c
09/11/2018 08:53:38,081+01:00 loaded domain Google
09/11/2018 08:53:38,085+01:00 loaded key 373d20203e20383629
09/11/2018 08:53:38,089+01:00 loaded domain AWSDomain
09/11/2018 08:53:38,093+01:00 loaded key 11051c2c373c
09/11/2018 08:53:38,259+01:00 loaded domain JWTdomain
09/11/2018 08:53:38,267+01:00 loaded key 1a051b2c373c
09/11/2018 08:53:38,279+01:00 loaded domain Google
09/11/2018 08:53:38,286+01:00 loaded key 373d20203e20383629
09/11/2018 08:53:38,294+01:00 loaded domain AWSDomain
09/11/2018 08:53:38,300+01:00 loaded key 11051c2c373c

From idmActivate.p
09/11/2018 08:55:46,765+01:00 Required parameter for SET-CLIENT was passed the Unknown value. (15918)

So when the agents start, the domains.json file is loaded. When I send the JWT token using Postman it gets validated by PASOE and should be available in the ClientPrincipal.

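/* Code snippet */
define variable hCP as handle no-undo.
define variable lok as logical no-undo.
/* Client principal of the current request */
hCP = session:current-request-info:GetClientPrincipal().
/* Raises error 15918 when hCP is the unknown value */
lok = SECURITY-POLICY:SET-CLIENT(hCP).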

Variable hCP contains the unknown value, so SET-CLIENT(hCP) gives me the error message.

Question: Why is hCP unknown?

All Replies
  • You might see hCP as unknown if the security is not configured properly. What do you have in oeablSecurity.properties?

    Regards,

    Irfan

  • Please check the document I mentioned, containing step-by-step examples, including the properties files. So I'm fairly sure that's not the problem.

    Using get-value("remote-user") I even get the userid sent in the JWT token, so the problem is not in reading the token.