Certificate Validation

When the Textkernel Portal authentication service receives a JWT, it validates the certificates it contains. The certificates must comply with these rules:

  • They form a valid certificate chain: the signing certificate must be signed by the intermediate certificate, which in turn must be signed by the root certificate.
  • The root certificate is one of the root certificates stored in the portal.
  • The issuer (iss) JWT field contains the common names of the signing and intermediate certificates separated by a colon (:). For example, if the common name of the signing certificate is Textkernel Portal Certificate and the common name of the intermediate certificate is BH4Force Partner Services Intermediate CA, then the iss value is Textkernel Portal Certificate:BH4Force Partner Services Intermediate CA.
  • The iss value provided in the JWT matches the issuer specified in the portal environment (account) configuration. The name of the portal account is specified in the Account Name field of the Textkernel Portal Configuration custom metadata type record.
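
The four rules above, written out as one check in Go. This is an added example, not code from the original page or from Textkernel. It assumes the three certificates have already been extracted from the JWT and parsed; the names jwtCertsValid and issue, the root common name and the Ed25519 demo keys are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// jwtCertsValid (hypothetical helper) applies the four rules; stored stands in for the portal's root certificates.
func jwtCertsValid(iss, configuredIss string, signing, inter, root *x509.Certificate, stored ...*x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	inters.AddCert(inter)
	for _, r := range stored {
		roots.AddCert(r)
	}
	paths, err := signing.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	// Rules 1 and 2: the path must be signing -> intermediate -> presented root, and that root must be stored.
	chainOK := err == nil && len(paths[0]) == 3 && paths[0][2].Equal(root)
	cnOK := iss == signing.Subject.CommonName+":"+inter.Subject.CommonName // rule 3
	return chainOK && cnOK && iss == configuredIss                         // rule 4
}

// issue creates a constructed demo certificate signed by parent (nil parent: self-signed root).
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, err := x509.ParseCertificate(der) // also fails if CreateCertificate returned no DER
	if err != nil {
		panic(err)
	}
	return cert, key
}

func main() {
	root, rk := issue("Constructed Root CA", true, nil, nil)
	inter, ik := issue("BH4Force Partner Services Intermediate CA", true, root, rk)
	leaf, _ := issue("Textkernel Portal Certificate", false, inter, ik)
	iss := "Textkernel Portal Certificate:BH4Force Partner Services Intermediate CA"
	fmt.Println(jwtCertsValid(iss, iss, leaf, inter, root, root))
}
```

The length check on the verified path matters: a signing certificate issued directly by a stored root would otherwise pass even though the named intermediate never signed it.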