search cancel

IDTDATA for JWT Token Validation in Top Secret

book

Article ID: 227571

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

When validating a third party server generated Jason Web Token (JWT) for authentication, is it necessary to define an Identity Token Profile (IDTDATA)?
Is defining IDTDATA only needed if creating JWT TOKENS?

 

Environment

Release : 16.0

Component :

Resolution

Using Top Secret with  APAR LU00910, (plus current hyper's), IDT is always active and the IDTDATA resource class is in place.  An IDTDATA profile record is only required for signed JWT tokens.   If a signed token is needed then an IDTDATA needs to be defined.

When there is no covering IDTDATA class profile, RACROUTE will generate an IDT with the default values.  An IDT created with the default values will be unsigned and accepted by any application name, and will have a timeout value of 5 minutes.