How Do I Configure Active Directory JWT Authentication for AgilePoint NX v8.x?
To enable Active Directory JWT authentication to sign in to AgilePoint NX Portal in AgilePoint NX v8.x and lower, do the procedure in this topic.
Background and Setup
Prerequisites
- AgilePoint NX OnPremises or AgilePoint NX PrivateCloud v8.x and lower.
- JWT authentication is not supported in AgilePoint NX versions lower than v7.0 Software Update 2.
- Active Directory JWT authentication is configured by default in AgilePoint NX v9.0 and higher.
However, it still must be configured for the AgilePoint NX Mobile App.
For more information, refer to Configure Active Directory JWT Authentication for Mobile and SharePoint.
Good to Know
- JWT authentication uses a bearer token instead of basic authentication for Active Directory.
- Basic authentication is the default method for Active Directory authentication to AgilePoint NX v8.x and lower. Basic authentication uses a header in the format Authorization: Basic <credentials>.
Configure AgilePoint Server
To configure AgilePoint Server to support Active Directory JWT authentication, do the procedure in this topic.
How to Start
- On the AgilePoint Server machine, open the file (AgilePoint Server instance installation folder) C:\Program Files\AgilePoint\AgilePointServerInstance\bin\Ascentn.AgilePoint.WCFService.exe.config.
Procedure
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_AllowedAudiences
- Description: Specifies the audience for the JSON Web Token (JWT). The audience must be your AgilePoint NX Portal instance.
- Allowed Values: An appSettings key in the following format:
<add key="ADAuthToJwt_AllowedAudiences" value="[your AgilePoint NX Portal instance URL]" />
For more information, refer to Find your Portal Instance URL.
- Default Value: None
- Example: <add key="ADAuthToJwt_AllowedAudiences" value="https://mynxportal:443" />
- Do one of these:
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_SigningSecretKey
- Description: Specifies the secret key to sign the JSON Web Token (JWT).
- Allowed Values: An appSettings key in the following format:
<add key="ADAuthToJwt_SigningSecretKey" value="[a string to sign the token]" />
The string must be at least 16 characters long.
- Default Value: None
- Example: <add key="ADAuthToJwt_SigningSecretKey" value="mysigningsecretkey" />
- If you do not want to store a token signing secret key (ADAuthToJwt_SigningSecretKey) in the Ascentn.AgilePoint.WCFService.exe.config file, do this:
- Create a certificate.
You can get a certificate from a certificate authority, or you can create and use a self-signed certificate.
Use makecert.exe to create a self-signed certificate.
- On the AgilePoint Server machine, install the certificate.
- In the file Ascentn.AgilePoint.WCFService.exe.config, add or change this key.
Field Name: ADAuthToJwt_SigningCertificateSubject
- Description: Specifies the subject line of the certificate used to sign the JSON Web Token (JWT).
- Allowed Values: An appSettings key in the following format:
<add key="ADAuthToJwt_SigningCertificateSubject" value="[subject line of the certificate - can have spaces]" />
- Default Value: None
- Example: <add key="ADAuthToJwt_SigningCertificateSubject" value="My Token Signing Certificate" />
- Restart the AgilePoint Server instance.
For more information, refer to Restarting AgilePoint Server and AgilePoint Portal.
Configure AgilePoint Portal
To configure AgilePoint Portal to support Active Directory JWT authentication, do the procedure in this topic.
How to Start
- On your AgilePoint Server machine, open the file (NX Portal installation folder - v8.0 and lower) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\web.config
Procedure
- In the file web.config, add or change these keys.
Field Name: EnableJWTAuthentication
- Description: Specifies whether to use JSON Web Token (JWT) for Active Directory authentication as an alternative to basic authentication.
- Allowed Values: An appSettings key in the following format:
<add key="EnableJWTAuthentication" value="[true/false]" />
- true - Specifies JWT authentication for Active Directory.
- false - Specifies basic authentication for Active Directory.
- Default Value: false
- Example: <add key="EnableJWTAuthentication" value="true" />
Field Name: portalurl
- Description: Specifies the AgilePoint Portal Instance URL.
- Allowed Values: A globalVariables key in this format:
"portalurl": "[AgilePoint Portal Instance URL]"
For more information, refer to Find your Portal Instance URL.
- Default Value: None
- Example: "portalurl": "https://mynxportal:443"
- Reset IIS.
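
To check the finished configuration before restarting, the following Python script reads the appSettings keys described in this topic from both files and reports missing or inconsistent values. It is an added example, not AgilePoint code: the sample XML is constructed, the function names are hypothetical, and it assumes a single audience value that is compared as an exact string to the portal instance URL.

```python
import xml.etree.ElementTree as ET

# Constructed sample files using the keys from this topic (not real values).
SERVER_CONFIG = """<configuration><appSettings>
  <add key="ADAuthToJwt_AllowedAudiences" value="https://mynxportal:443" />
  <add key="ADAuthToJwt_SigningSecretKey" value="shortkey" />
</appSettings></configuration>"""
PORTAL_CONFIG = """<configuration><appSettings>
  <add key="EnableJWTAuthentication" value="true" />
</appSettings></configuration>"""


def app_settings(config_xml):
    """Return the appSettings key/value pairs of a .NET configuration file."""
    root = ET.fromstring(config_xml)
    return {a.get("key"): a.get("value") or "" for a in root.findall("appSettings/add")}


def check_jwt_config(server_xml, portal_xml, portal_url):
    """Return a list of findings; an empty list means the keys are consistent."""
    server, portal = app_settings(server_xml), app_settings(portal_xml)
    findings = []

    if portal.get("EnableJWTAuthentication", "false").strip().lower() != "true":
        findings.append("EnableJWTAuthentication is not true; the portal uses basic authentication")

    audience = server.get("ADAuthToJwt_AllowedAudiences", "").strip()
    if not audience:
        findings.append("ADAuthToJwt_AllowedAudiences is not set")
    elif audience != portal_url:
        # Assumption: one audience value, compared as an exact string.
        findings.append("ADAuthToJwt_AllowedAudiences does not match the portal instance URL")

    secret = server.get("ADAuthToJwt_SigningSecretKey", "")
    subject = server.get("ADAuthToJwt_SigningCertificateSubject", "").strip()
    if secret and subject:
        # Assumption: the procedure says to do one of the two, so both is a finding.
        findings.append("both signing options are set; the procedure calls for one")
    elif not (secret or subject):
        findings.append("no signing secret key or certificate subject is set")
    elif secret and len(secret) < 16:
        findings.append("ADAuthToJwt_SigningSecretKey is shorter than 16 characters")
    return findings


if __name__ == "__main__":
    for finding in check_jwt_config(SERVER_CONFIG, PORTAL_CONFIG, "https://mynxportal:443"):
        print("FINDING:", finding)
```

To run it against a real installation, read the text of Ascentn.AgilePoint.WCFService.exe.config and the portal web.config and pass them in place of the constructed samples.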