When validating a third party server generated Jason Web Token (JWT) for authentication, is it necessary to define an Identity Token Profile (IDTDATA)?
Is defining IDTDATA only needed if creating JWT TOKENS?
Release : 16.0
Using Top Secret with APAR LU00910, (plus current hyper's), IDT is always active and the IDTDATA resource class is in place. An IDTDATA profile record is only required for signed JWT tokens. If a signed token is needed then an IDTDATA needs to be defined.
When there is no covering IDTDATA class profile, RACROUTE will generate an IDT with the default values. An IDT created with the default values will be unsigned and accepted by any application name, and will have a timeout value of 5 minutes.