Search results

How to set up JWT for SSO authentication in Bold Reports

This section explains how to enable Single Sign-On (SSO) for users using the Custom JSON Web Token (JWT) in the Bold Reports application.

Steps to configure JWT in Bold Reports

Login with this URL {Bold Reports URL}/ums/administration using the admin credentials.
Click Authentication and then JWT.
Enable the JWT settings.

Provide the following details in the JWT settings.

Name	It represents the name of the JWT provider to be displayed on the login page.
Provider Logo	It represents the logo of the JWT provider to be displayed on the login page.
Remote Login URL	This is the endpoint of the JWT provider used to send the authorization request from the Bold Reports application.
Remote Logout URL	It is the endpoint of the JWT provider to send the logout request once the user logged out in the Bold Reports application.

After the values are saved, the application will generate a Signing Key. This signing key has to be used for signing JSON Web Tokens from your application.
The Signing Key can be copied, viewed, and reset using the following options:

How JWT works with Bold Reports

Once the JWT settings are configured, go to the Bold Reports login page and click the JWT login option; it will redirect to the configured application login URL.
After that, the application will generate the JSON Web Token for user and it is redirected back to Bold Reports call back URL {Bold Reports URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl} with the encoded JWT in a query string.
The Bold Reports application will validate the JWT and deserialize the user information from the token.
From the user information, the Bold Reports application will check if the user’s email has access to the Bold Reports application already. If the user is already available in Bold Reports, it will authenticate the user.
If the user is not available in the Bold Reports server, it will add the user and authenticate to access the Bold Reports application.

JWT Callback URL

The JWT callback URL will validate the JWT response from the configured application.

Upon successful login to your configured application, users can be redirected to the specified URL.

{Bold Reports URL}/sso/jwt/callback?jwt={token}&site_identifier={site identifier}&redirect_to={redirecturl}

Parameter Required Comments

jwt Yes The JSON Web Token will be passed in this parameter, containing the JWT Payload

site_identifier

Parameter	Required	Comments
jwt	Yes	The JSON Web Token will be passed in this parameter, containing the JWT Payload
site_identifier	No	This parameter will be used to grant site access for the JWT user. If the JWT login accessed from the tenant, the Bold Reports login URL will redirect to your application with the tenant site identifier in the URL query string. You can use this identifier in the JWT response URL. Example Url`{Remote login URL}?site_identifier={site identifier}` NOTE: Only one site identifier should be passed. Passing more than one identifier is not allowed.
redirect_to	No	If this parameter is included in the JWT response, the user will be redirected to the corresponding page after the login process is completed.

This parameter will be used to grant site access for the JWT user.

If the JWT login accessed from the tenant, the Bold Reports login URL will redirect to your application with the tenant site identifier in the URL query string. You can use this identifier in the JWT response URL.

Example Url{Remote login URL}?site_identifier={site identifier}

NOTE: Only one site identifier should be passed. Passing more than one identifier is not allowed.

redirect_to No If this parameter is included in the JWT response, the user will be redirected to the corresponding page after the login process is completed.

Create JSON Web Token

To create the JWT, use HMAC-SHA256 as signing algorithm.

What parameters can be passed in the payload of JWT

JWT should include the following claims:

Parameter	Parameter Name	Value Type	Required	Comments
User Id	sub	string	Yes	Unique identifier of the user.
Email	email	string	Yes	Email address of the user.
First Name	first_name	string	Yes	First name of the user.
Last Name	last_name	string	No	Surname of the user.
Phone	phone	string	No	Phone number of the user.

JSON Web Token sample

Please refer to the following sample for how to generate the JWT.

private string GenerateJSONWebToken(UserModel userInfo)
{
    var signingKey = "signingkey";// Signing key value will copy from JWT Settings page
    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey));
    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);

    var claims = new[] {
        new Claim("sub", "420c5d51-1754-4a9b-b4b5-d5bfebb21b0f")
        new Claim("email", "john.doe@example.com"),
        new Claim("first_name", "Makila"),
        new Claim("last_name", "S"),
        new Claim("phone", "1234567890")
            };

    var token = new JwtSecurityToken(claims: claims,
                expires: DateTime.Now.AddMinutes(120),
                signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}

Contents

Steps to configure JWT in Bold Reports
How JWT works with Bold Reports
JWT Callback URL
Create JSON Web Token
What parameters can be passed in the payload of JWT
JSON Web Token sample

Having trouble getting help?Contact Support

Contents

Steps to configure JWT in Bold Reports
How JWT works with Bold Reports
JWT Callback URL
Create JSON Web Token
What parameters can be passed in the payload of JWT
JSON Web Token sample

Having trouble getting help?Contact Support

Please provide additional information

Thank you for your feedback and comments.We will rectify this as soon as possible!