Table of Contents

Search

  1. Preface
  2. Connectors and connections
  3. Connection configuration
  4. Connection properties
  5. Swagger file generation for REST V2 connections

Data Integration Connections

Data Integration Connections

JWT bearer token authentication

JWT bearer token authentication

When you set up a REST V2 connection, you must configure the connection properties.
The following table describes the REST V2 connection properties when you use JWT bearer token authentication:
Connection property
Description
JWT Header
JWT header in JSON format.
Sample:
{
"alg":"RS256",
"kid":"xxyyzz"
}
You can configure
HS256
and
RS256
algorithms.
JWT Payload
JWT payload in JSON format.
Sample:
{
"iss":"abc",
"sub":"678",
"aud":"https://api.box.com/oauth2/token",
"box_sub_type":"enterprise",
"exp":"120"
,
"jti":"3ee9364e"
}
The expiry time represented as
exp
is the relative time in seconds. The expiry time is calculated in the UTC format from the token issuer time (
iat
).
When
iat
is defined in the payload and the expiry time is reached, mappings and Generate Access Token will fail. To generate a new access token, you must provide a valid
iat
in the payload.
If
iat
is not defined in the payload, the expiry time is calculated from the current timestamp.
To pass the expiry time as a string value, enclose the value with double quotes. For example:
"exp":"120"
,
To pass the expiry time as an integer value, do not enclose the value with double quotes. For example:
"exp":120
,
Authorization Server
Access token URL configured in your application.
Authorization Advanced Properties
Additional parameters to use with the access token URL. Parameters must be defined in the JSON format. For example:
[\{"Name":"client_id","Value":"abc"},\{"Name":"client_secret","Value":"abc"}]
TrustStore File Path
The absolute path of the truststore file that contains the TLS certificate to establish a one-way or two-way secure connection with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the truststore file name and password as a JVM option or import the certificate to the following directory:
<Secure Agent installation directory\jre\lib\security\cacerts
.
For the serverless runtime environment, specify the truststore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
TrustStore Password
The password for the truststore file that contains the SSL certificate.
You can also configure the truststore password as a JVM option.
KeyStore File Path
Mandatory. The absolute path of the keystore file that contains the keys and certificates required to establish a two-way secure communication with the REST API. Specify a directory path that is available on each Secure Agent machine in the runtime environment.
You can also configure the keystore file name and location as a JVM option or import the certificate to any directory.
For the serverless runtime environment, specify the keystore file path in the serverless agent directory.
For example: /data2/home/cldagnt/SystemAgent/serverless/configurations/ssl_store/<cert_name>.jks
KeyStore Password
Mandatory. The password for the keystore file required for secure communication.
You can also configure the keystore password as a JVM option.
Private Key Alias
Mandatory. Alias name of the private key used to sign the JWT payload.
Private Key Password
Mandatory. The password for the keystore file required for secure communication. The private key password must be same as the keystore password.
Access Token
Enter the access token value or click
Generate Access Token
to populate the access token value.
To pass the generate access token call through a proxy server, you must configure an unauthenticated proxy server at the Secure Agent level. The REST V2 connection-level proxy configuration does not apply to the generate access token call.
Swagger File Path
The absolute path along with the file name or the hosted URL of the swagger specification file. The hosted URL must return the content of the file without prompting for further authentication and redirection.
If you provide the absolute path of the swagger specification file, the swagger specification file must be located on the machine that hosts the Secure Agent. The user must have the read permission for the folder and the specification file. Example:
C:\swagger\sampleSwagger.json
Proxy Type
Type of proxy. You can select one of the following options:
  • No Proxy: Bypasses the proxy server configured at the agent or the connection level.
  • Platform Proxy: Proxy configured at the agent level is considered.
  • Custom Proxy: Proxy configured at the connection level is considered.
Proxy Configuration
The proxy configuration format:
<host>:<port>
You cannot configure an authenticated proxy server.
Advanced Fields
Enter the arguments that the Secure Agent uses when connecting to a REST endpoint. You can specify the following arguments, each separated by a semicolon (
;
):
ConnectionTimeout
: The wait time in milliseconds to get a response from a REST endpoint. The connection ends after the connection timeout is over. Default is the timeout defined in the endpoint API.
If you define both the REST V2 connection timeout and the endpoint API timeout, the connection ends at the shortest defined timeout.
connectiondelaytime
: The delay time in milliseconds to send a request to a REST endpoint. Default is 10000.
retryattempts
: Number of times the connection is attempted when 400 and 500 series error codes are returned in the response. Default is 3. Specify 0 to disable the retry attempts.
qualifiedSchema
: Specifies if the schema selected is qualified or unqualified. Default is false.
Example:
connectiondelaytime:10000;retryattempts:5
The
HS256
algorithm support in
JWT Header
is available for preview. Preview functionality is supported for evaluation purposes but is unwarranted and is not production-ready. Informatica recommends that you use in non-production environments only. Informatica intends to include the preview functionality in an upcoming release for production use, but might choose not to in accordance with changing market or technical circumstances. For more information, contact Informatica Global Customer Support. To use the functionality, your organization must have the appropriate licenses.