Configure Active Directory JWT Authentication for Mobile and SharePoint
To enable Active Directory JWT authentication to sign in to the AgilePoint NX Mobile App and SharePoint on-premises, do the procedure in this topic.
Background and Setup
Prerequisites
- AgilePoint NX OnPremises or AgilePoint NX PrivateCloud v9.0 and higher.
- Active Directory JWT authentication is configured by default in AgilePoint NX v9.0 and higher. However, it still must be configured for the AgilePoint NX Mobile App.
Good to Know
- Basic authentication is the default method for Active Directory authentication to AgilePoint NX v8.x and lower.
For more information, refer to How Do I Configure Active Directory JWT Authentication for AgilePoint NX v8.x?.
- This topic applies to the following apps:
Configure AgilePoint Server
To configure AgilePoint Server to support Active Directory JWT authentication, do the procedure in this topic.
How to Start
- On the AgilePoint Server machine, open the file (AgilePoint Server instance installation folder) C:\Program Files\AgilePoint\AgilePointServerInstance\bin\Ascentn.AgilePoint.WCFService.exe.config.
Procedure
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_AllowedAudiences
Definition:
- Description:
- Specifies the audience for the JSON Web Token (JWT).
The audience must be your AgilePoint NX Portal instance.
- Allowed Values:
- An appSettings key in the following format:
<add key="ADAuthToJwt_AllowedAudiences" value="[your AgilePoint NX Portal instance URL]" />
For more information, refer to Find your Portal Instance URL.
- Default Value:
- None
- Example:
- <add key="ADAuthToJwt_AllowedAudiences" value="https://mynxportal:443" />
- Do one of these:
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_SigningSecretKey
Definition:
- Description:
- Specifies the secret key to sign the JSON Web Token (JWT).
- Allowed Values:
- An appSettings key in the following format:
<add key="ADAuthToJwt_SigningSecretKey" value="[a string to sign the token]" />
The string value must be at least 16 characters long.
- Default Value:
- None
- Example:
- <add key="ADAuthToJwt_SigningSecretKey" value="mysigningsecretkey" />
- If you do not want to use the token signing secret key (ADAuthToJwt_SigningSecretKey) in the Ascentn.AgilePoint.WCFService.exe.config file, do this.
- Create a certificate.
You can get a certificate from a certificate authority, or you can create a self-signed certificate and use it.
Use makecert.exe to create a self-signed certificate.
- On the AgilePoint Server machine, install the certificate.
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_SigningCertificateSubject
Definition:
- Description:
- Specifies the subject line of the certificate used to sign the JSON Web Token (JWT).
- Allowed Values:
- An appSettings key in the following format:
<add key="ADAuthToJwt_SigningCertificateSubject" value="[subject line of the certificate - can have spaces]" />
- Default Value:
- None
- Example:
- <add key="ADAuthToJwt_SigningCertificateSubject" value="My Token Signing Certificate" />
- Restart the AgilePoint Server instance.
For more information, refer to Restarting AgilePoint Server and AgilePoint Portal.