...
Each token contains information about the issuer, audience, expiry time and signing credentials for the token. The only claim included in the token is the Windows username of the user (example: kodi\marvin).
It may be necessary to add a binding in IIS for a fully qualified host name such as kodiak-dev.kodi.internal, as opposed to simply kodiak-dev. This is done by choosing “Default Web Site” → Bindings → Add. There, choose Type: https, enter the host name and select the correct certificate.
...
Examples
To get a token through a browser, simply navigate to https://kodiak-dev.kodi.internal/token-issuer-iis/create and sign in using your Windows credentials.
...
```
app.UseKodiakTokenValidation(<public key string>, <issuer>, <audience>, <name of project service>, <database connection string>, <SqlServer or Oracle>);
```
Example:
```
app.UseKodiakTokenValidation(
    "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMI...-----END PUBLIC KEY-----",
    "https://kodiak-dev.kodi.internal/token-issuer-iis/",
    "https://kodiak.is/",
    "RequestForQuoteService",
    "Server=kodi-mssql;Initial Catalog=CATALOG;User Id=user;Password=pass;",
    "SqlServer"
);
```
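The checks implied by the public key, issuer and audience parameters and by the token's expiry time, as an added example that is not part of the original page and is not the Kodiak middleware's code. It uses Microsoft's System.IdentityModel.Tokens.Jwt package on .NET 8 with a throwaway key pair; the RS256 algorithm, the claim type "name" and the helper names `Issue` and `Accepts` are assumptions, since the page does not specify them.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Issuer and audience strings are taken from the example above.
const string Issuer = "https://kodiak-dev.kodi.internal/token-issuer-iis/";
const string Audience = "https://kodiak.is/";

// Constructed for this example: a throwaway key pair standing in for the issuer's key.
using var issuerKey = RSA.Create(2048);
var signing = new SigningCredentials(new RsaSecurityKey(issuerKey), SecurityAlgorithms.RsaSha256);

// The validating service holds only the PEM-encoded public key.
var publicKey = RSA.Create();
publicKey.ImportFromPem(issuerKey.ExportSubjectPublicKeyInfoPem());

var handler = new JwtSecurityTokenHandler();
var checks = new TokenValidationParameters
{
    IssuerSigningKey = new RsaSecurityKey(publicKey),
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // assumption: RS256
    RequireSignedTokens = true,
    ValidateIssuerSigningKey = true,
    ValidateIssuer = true, ValidIssuer = Issuer,
    ValidateAudience = true, ValidAudience = Audience,
    ValidateLifetime = true, RequireExpirationTime = true,
    ClockSkew = TimeSpan.FromSeconds(30), // the library default is 5 minutes
};

// Hypothetical helper: issue a token whose only claim is the Windows username.
// The claim type "name" is an assumption; the page does not name it.
string Issue(string audience, DateTime expires) => handler.WriteToken(new JwtSecurityToken(
    Issuer, audience, new[] { new Claim("name", @"kodi\marvin") }, null, expires, signing));

// Hypothetical helper: true only if signature, issuer, audience and expiry all check out.
bool Accepts(string jwt)
{
    try { handler.ValidateToken(jwt, checks, out _); return true; }
    catch (SecurityTokenException ex) { Console.WriteLine($"  rejected: {ex.GetType().Name}"); return false; }
}

Console.WriteLine($"valid token:    {Accepts(Issue(Audience, DateTime.UtcNow.AddMinutes(5)))}");
Console.WriteLine($"wrong audience: {Accepts(Issue("https://other.example/", DateTime.UtcNow.AddMinutes(5)))}");
Console.WriteLine($"expired token:  {Accepts(Issue(Audience, DateTime.UtcNow.AddMinutes(-5)))}");
```

A token minted for a different audience or past its expiry is rejected even though its signature is valid, which is why the issuer and audience strings configured in the service must match the issuer's values exactly.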
Example request to service using the Token Authenticator
```
// wc is a System.Net.WebClient; json holds the serialized request body.
var wc = new WebClient();
wc.Headers[HttpRequestHeader.ContentType] = "application/json";
// Send the issued token as a bearer token in the Authorization header.
wc.Headers[HttpRequestHeader.Authorization] = "Bearer " + Kodi.Kodiak.Client.Settings.Context.KodiakServiceToken;
var response = await wc.UploadStringTaskAsync(Kodi.Kodiak.Client.Settings.Context.QuoteServerUrl + "api/quotes", json);
CreateQuoteResponse createQuoteResponse = JsonConvert.DeserializeObject<CreateQuoteResponse>(response);
```
Deployment
Jenkins:
https://jenkins.livemarketdata.com/view/.Net/view/KODIAK OMS/view/Kodiak Token Issuer/
Octopus:
https://kodiak.octopus.app/app#/Spaces-1/projects/kodiak-token-issuer/deployments
Release to test
To deploy to a new tenant on a test environment, the tenant first needs to be connected to the project on Octopus Deploy.
The release to test builds use the kodiak_token_issuer_release build. For a new test build, simply copy one of the projects in the release to test folder and replace ‘tenant’ in the ‘Execute shell’ script with the correct tenant.
To see if the token issuer is working correctly, go to http://localhost/token-issuer-iis/create on the target machine. If it returns a token of the form {"token": "{{jwt_token}}"}, everything should be good to go.
If http://localhost/token-issuer-iis/create returns:
-> HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
You will need to install dotnet 8 on the machine: