Lab 10 - Configure JWT
By default, the Domino REST API uses a random symmetric JWT signing key that’s changed each time the API service restarts. This approach works fine for testing and single-server use. However, it's not suitable for multi-server operation or for IdP use.
What you will learn
- Understanding how Domino REST API configuration works.
- Additional endpoints other than port 8880.
- How to use the Management console.
Before you begin
Your Domino server must be running.
Procedure
- Access http://localhost:8889.
- Enter a name in the Certificate Name field, and click Create IdP Certificate.
  Note: The entered name should have no spaces or special characters.
- Restart Domino REST API.
How to verify
- Check the keepconfig.d directory. You should see new files matching the entered certificate name. For example, if you entered KeepLabIdP as your certificate name, you should see the following files in keepconfig.d:
  - KeepLabIdP.json
  - KeepLabIdP.cert.pem
  - KeepLabIdP.private.key.pem
  - KeepLabIdP.public.key.pem
- After restarting Domino REST API, the JWT provider changes. For more information, see Log in to the REST API.
  When you copy these files to another server, the JWT issued by the first server will be recognized and accepted by the second server as well. This extends to the Domino HTTP task if the core Domino is configured for JWT.
  Check http://localhost:8880/.well-known/openid-configuration.
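The file check above can be scripted so it is repeatable on every server that receives a copy of the files. This is an added example, not part of the Domino REST API documentation: the function name and return codes are hypothetical, the name rule is read as "letters and digits only", and the owner-only permission test on the private key is an extra check the lab does not perform.

```bash
#!/usr/bin/env bash
# Added example: verify the files the lab expects in keepconfig.d
# after "Create IdP Certificate".

# Suffixes taken from the lab's KeepLabIdP file listing.
IDP_SUFFIXES=".json .cert.pem .private.key.pem .public.key.pem"

# check_idp_files DIR NAME  (hypothetical helper)
# Returns 0 if all four files exist and the private key is owner-only,
# 1 if the name is invalid, 2 if a file is missing or empty,
# 3 if the private key has any group/other permission bits set.
check_idp_files() {
  local dir="$1" name="$2" suffix missing=0 perms
  # Assumption: "no spaces or special characters" means letters and digits only.
  case $name in
    ''|*[!A-Za-z0-9]*) echo "invalid certificate name: '$name'" >&2; return 1 ;;
  esac
  for suffix in $IDP_SUFFIXES; do
    if [ ! -s "$dir/$name$suffix" ]; then
      echo "missing or empty: $dir/$name$suffix" >&2
      missing=1
    fi
  done
  [ "$missing" -eq 0 ] || return 2
  # Added check: whoever can read this file can sign JWTs that every server
  # holding the matching certificate will accept.
  perms=$(ls -ld "$dir/$name.private.key.pem" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "private key accessible beyond owner: '$perms'" >&2
    return 3
  fi
  echo "ok: $name"
}

# Usage: check_idp_files <path-to-keepconfig.d> KeepLabIdP
```

Run it on the original server and again on each server the files were copied to; a copy made with default permissions is the usual cause of return code 3.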
Things to explore
- Copy the generated files to another server and try cross login.
Next step
Proceed to Lab 11 - Domino REST API Configuration.