Session authn. with JWT in URL
17.4.3.5.3.2. Example 1: Authenticate Airlock IAM Loginapp session with JWT in URL 

The JWT ticket used in this example contains the following data (and a signature):

Example JWT Ticket

{
  "typ": "JWT",
  "alg": "HS512"
}
{
  "sub": "jdoe",
  "nbf": 1518002352,
  "roles": "authenticated",
  "iss": "Airlock IAM",
  "exp": 1518002362,
  "iat": 1518002357,
  "jti": "b8703462-0980-4d90-a51f-fb40f3fda8e3",
  "seclevel": "-1"
}

In an URL, the ticket would be used as follows (JWT value truncated):

https://my.host.com/iam/check-login?lang=de&sso=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIi...

This sample JWT was generated by the "SSO Ticket Identity Propagator" plugin. Use any JWT library or tool to generate a valid JWT.

Check the documentation of the "JWT Ticket Decoder" plugin to see what claims (attributes), signature- and encryption algorithms are supported.

Not all claims (attributes) shown in the sample JWT are required. The configuration of the JWT-validating plugin (see below) defines the set of required claims.