Authentication Profile Parameters

An authentication profile stores authentication data for use with the Integration node and Task Export and Import. These parameters apply when you create or edit an authentication profile.

For more information on authentication profiles, see Authentication.

Opening the dialog

  1. From the Manage menu, select Authentication.

  2. From the tabs at the top of the screen, select the authentication type:

    • Basic

    • Certificate

    • OAuth2

    A basic authentication profile is appropriate for basic and digest authentication types.

  3. Click the create button in the top-right corner.

    Where the authentication type is OAuth2, click the down arrow to the right of the create button and select from the options: client credentials grant, password credentials grant, and JWT bearer grant.

  4. Fill in the properties.

Name

The display name of the authentication profile.

Notes

Displays with the display name in the list of authentication profiles.

Parameters for a Basic Authentication Profile

Fill in the Username and Password fields.

Parameters for Client Credentials Grant

Fill in the parameters as required.

  • Auth URL

  • Client ID

  • Client Secret

  • Default Token Expiration (seconds)

    Studio uses the Default Token Expiration (seconds) value only if the expiration time is missing from the return payload or cannot be decoded from the JWT token. Studio reuses the token until a new one is fetched close to the expiration time. The value range is from 300 to 86400. Enter 300 if you are unsure.

  • Custom Headers (key-value pairs)

  • Scope

Select whether to supply the parameters in the HTTP authorization header or in the request body, as appropriate for the authentication profile.

You can test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.

Parameters for Password Credentials Grant

Fill in the parameters as required.

  • Auth URL

  • Username

  • Password

  • Client ID

  • Client Secret

  • Default Token Expiration (seconds)

    Studio uses the Default Token Expiration (seconds) value only if the expiration time is missing from the return payload or cannot be decoded from the JWT token. Studio reuses the token until a new one is fetched close to the expiration time. The value range is from 300 to 86400. Enter 300 if you are unsure.

  • Custom Headers (key-value pairs)

  • Scope

Select whether to supply the parameters in the HTTP authorization header or in the request body, as appropriate for the authentication profile.

You can test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.

Parameters for JWT Bearer Grant

Fill in the JSON Web Token claims.

Type: JWT as Authorization Grant

Fields:

  • Issuer

  • Audience

  • Default Token Expiration (seconds)

  • Subject

  • Custom Headers (key-value pairs)

  • Key

  • Key Signature

  • Key Password

  • Additional Claims

Type: JWT for Client Authentication

Fields:

  • Client Id

  • Audience

  • Default Token Expiration (seconds)

  • Custom Headers (key-value pairs)

  • Key

  • Key Signature

  • Key Password

  • Additional Claims

Further information on the token claims for JWT Bearer Grant follows.

Claims Description
Audience

Audience equals the token endpoint if you are not uploading a service provider JSON file.

If you are uploading a service provider JSON file, do the following:

  • Specify the token endpoint in the token_uri field.

  • If your authentication provider gives you an audience claim different to the token endpoint, add that value as the aud claim in additional claims.

Default Token Expiration (Seconds)

Studio uses the default token expiration value only if the expiration time is missing from the return payload or cannot be decoded from the JWT token. Studio reuses the token until a new one is fetched close to the expiration time. The value range is from 300 to 86400. Enter 300 if you are unsure.

Additional Claims

Use additional claims if the authentication server receiving the request requires claims not listed above.

For more information on claims, see JSON Web Token Claims.

Note:

You can test the authentication profile to ensure the details are valid. If the test fails, the display indicates which parameters need correction.

The access token returned by the authentication server might or might not be in JWT format. For instance, Google's access token is a proprietary encrypted string (not JWT) that only Google can decode. In contrast, an ID token (with information on the logged-in user) is always in JWT format. Although its payload can be read directly (for example, using https://jwt.io/), the authenticity of the information is validated against the signature of the JWT.
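The expiry fallback described for Default Token Expiration (seconds), combined with the note above that an access token may not be a JWT, can be modelled as follows. This is an added example, not Studio's code: the lookup order (expires_in in the payload, then the JWT exp claim, then the default), the 60-second refresh margin and all function names are assumptions.

```python
import base64
import json

TTL_MIN, TTL_MAX = 300, 86400  # allowed range for the default, from this page
REFRESH_SKEW = 60              # assumption: seconds before expiry treated as "close"


def jwt_exp(token):
    """Return exp from a decodable JWT, else None. The signature is not checked:
    the value only schedules a refresh and is never a trust decision."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque (non-JWT) access token
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        exp = json.loads(base64.urlsafe_b64decode(padded))["exp"]
        return int(exp) if type(exp) in (int, float) else None
    except (ValueError, KeyError, TypeError, OverflowError):
        return None  # bad base64 or JSON, or no usable exp claim


def resolve_expiry(response, default_ttl, now):
    """Return (expires_at, source) for a token endpoint response given as a dict."""
    if not TTL_MIN <= default_ttl <= TTL_MAX:
        raise ValueError("default must be between 300 and 86400 seconds")
    expires_in = response.get("expires_in")
    if type(expires_in) in (int, float) and expires_in > 0:
        return now + int(expires_in), "payload"
    exp = jwt_exp(response.get("access_token", ""))
    if exp is not None:
        return exp, "jwt"
    return now + default_ttl, "default"  # neither source gave an expiry


def needs_refresh(expires_at, now, skew=REFRESH_SKEW):
    """True once the cached token is within `skew` seconds of expiring."""
    return now >= expires_at - skew


def sample_jwt(claims):
    """Build a constructed, JWT-shaped string (fake signature) as sample input."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    now = 1_700_000_000
    print(resolve_expiry({"access_token": sample_jwt({"exp": now + 900})}, 300, now))
    print(resolve_expiry({"access_token": "opaque-constructed-token"}, 300, now))
```

In this model, a default longer than an opaque token's real lifetime keeps an expired token in the cache until the server rejects it, which is why the lowest value, 300, is the safe choice when the provider's lifetime is unknown.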

Resource Server and Authentication Server Certificates

Tab Description
Resource Server

Use to access a resource through the integration node. See Integration.

Add the SSL certificate or key to the integration node in addition to or instead of the authentication profile. The SSL certificate or key added to the integration node takes precedence over that added to the authentication profile.

Authentication Server

Use within the authentication profile to fetch or copy a token.

These parameters are applicable to resource server and authentication server certificates.

Parameter Description
SSL Certificate

Where applicable, add an SSL certificate and password to the profile.

  1. Click the Resource Server Certificate or Authentication Server Certificate tab.

  2. Drop the SSL certificate in the space provided.

  3. Where applicable, enter the SSL certificate password.

SSL Key

Where applicable, add an SSL key and password to the profile.

  1. Click the Resource Server Certificate or Authentication Server Certificate tab.

  2. Drop the SSL key in the space provided.

  3. Where applicable, enter the SSL key password.

Note:

Studio supports mutual TLS authentication where:

  • The public API service identifies itself with a certificate from a public certificate authority.

  • Studio identifies itself with a certificate provided by the customer and provisioned into the customer's tenancy. This certificate can be issued by public or private certificate authorities.

Studio does not validate the certificate chain of the customer-provided client certificate. Certificate expiry must be managed by the customer.
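Because expiry of the client certificate is left to the customer, a scheduled check outside Studio is the practical control. The following is an added example, not part of Studio: it assumes the openssl command-line tool is installed and that the client certificate is available as a PEM file, and the 30-day renewal threshold and function names are assumptions.

```python
import ssl
import subprocess

WARN_DAYS = 30  # assumption: renewal lead time, adjust to your own process


def parse_enddate(line):
    """Convert openssl's 'notAfter=Jan  5 09:34:43 2018 GMT' line to epoch seconds."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"unexpected openssl output: {line!r}")
    return ssl.cert_time_to_seconds(value)


def read_not_after(pem_path):
    """Ask the openssl CLI for the notAfter date of the certificate at pem_path."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-enddate", "-in", pem_path],
        capture_output=True, text=True, check=True,
    ).stdout
    return parse_enddate(out)


def expiry_status(not_after, now, warn_days=WARN_DAYS):
    """Classify a certificate as 'expired', 'renew' or 'ok', with whole days left."""
    days_left = int((not_after - now) // 86400)
    if not_after <= now:
        return "expired", days_left
    if days_left < warn_days:
        return "renew", days_left
    return "ok", days_left


if __name__ == "__main__":
    import sys
    import time
    # Usage: python check_cert.py client-cert.pem [more.pem ...]
    for path in sys.argv[1:]:
        print(path, *expiry_status(read_not_after(path), time.time()))
```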