
MC Configuration file sdk_config.jwt

The sdk_config.jwt file is only needed for the KOBIL Shift Lite solution. It is signed by AST Services.

via the KOBIL Portal

  1. Press 'Create SDK-Config'

  2. Add trusted TLS server certificates

Note: The trustedSslServerCerts files must be in PEM format and can contain one or more certificates. See Trust Store Configuration for details on which certificates to put into the trust store. Note also that, for simplicity, the different trust store entries can point to the same file.

  3. Use sdk_config.jwt in your app

The file is not human-readable until the JWT structure is decoded. You can use services like https://jwt.io/ to read and check values such as the URLs and trusted TLS server certificates.

Note: Be careful not to change the file content or its line/file endings; otherwise the signature will be broken and the file cannot be used for Login.

Note: For additional details see KOBIL Portal documentation.
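An added example, not KOBIL's code: a read-only Python check that decodes sdk_config.jwt locally, lists the URLs it contains, and flags any that are not HTTPS or fall outside the expected environment domain. The payload layout of the constructed sample is an assumption that mirrors the sdkconfig request fields (tenant, astUrl, services), the domain names are placeholders, and the signature is not verified.

```python
import base64
import json
from urllib.parse import urlsplit

def _b64url_decode(segment: bytes) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + b"=" * (-len(segment) % 4))

def _find_urls(node):
    # Walk the decoded JSON and yield every string that looks like a URL.
    if isinstance(node, str) and node.startswith(("http://", "https://")):
        yield node
    elif isinstance(node, (dict, list)):
        for value in (node.values() if isinstance(node, dict) else node):
            yield from _find_urls(value)

def _off_domain(url: str, expected_domain: str) -> bool:
    host = urlsplit(url).hostname or ""
    return host != expected_domain and not host.endswith("." + expected_domain)

def inspect_sdk_config(raw: bytes, expected_domain: str) -> dict:
    """Decode a compact JWS read-only. The signature is NOT verified here."""
    parts = raw.strip().split(b".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    urls = sorted(set(_find_urls(payload)))
    return {
        "alg": header.get("alg"),
        "payload": payload,
        "urls": urls,
        "not_https": [u for u in urls if urlsplit(u).scheme != "https"],
        "off_domain": [u for u in urls if _off_domain(u, expected_domain)],
    }

def constructed_sample() -> bytes:
    # Constructed token for the demo. The payload layout is an assumption
    # based on the request body fields; the signature bytes are fake.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=")
    payload = {"tenant": "demo", "astUrl": "https://asts.env.example.com",
               "services": [{"name": "astLogin", "url": "https://asts.env.example.com"},
                            {"name": "push", "url": "http://scp.other.example.net/notifier"}]}
    return enc({"alg": "ES256", "typ": "JWT"}) + b"." + enc(payload) + b".c2ln\n"

if __name__ == "__main__":
    report = inspect_sdk_config(constructed_sample(), "env.example.com")
    print(json.dumps({k: v for k, v in report.items() if k != "payload"}, indent=2))
```

For a real file, pass `open("sdk_config.jwt", "rb").read()` and your environment's domain; the file is opened read-only, so its bytes and line endings stay untouched.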

via cURL CLI

Note: All API requests described here require an authorization token. For guidance on obtaining authorization tokens, please refer to Getting Authorization Tokens.

Remember, when requesting an authorization token, use the subdomain idp, but for all requests related to your App or App Version, utilize the subdomain asts.

Add a User to Signers

If you have not already done so, add the desired user to the list of signers permitted to create JWT tokens:

curl -X 'POST' \
'https://asts.your-environment.shift.company.com/v1/signers' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $token" \
-d '{ "tenant": "$yourTenantName", "name": "$userId" }'

your-environment.shift.company.com needs to be replaced with the appropriate hostname of your environment. When obtaining an authorization token, use the subdomain idp; for all other requests, use the subdomain asts.
Replace $yourTenantName with the name of the tenant for which you are creating the JWT file.
$userId should be the unique user ID of the individual you want to authorize to sign JWT tokens. This ID should be in the form of a UUID, which serves to uniquely identify the user. It is important to note that this UUID is typically not visible to users directly but can be found within your IAM system, such as KOBIL IDP, where user management takes place.

Create a signed JWT file

When creating a signed JWT file, an essential component is the trusted certificate. To prepare it for use in the cURL request, follow these steps:

  1. If you have the certificate in a standard PEM file named Certificate.pem, proceed to the next step.
  2. Modify the formatting of the certificate by replacing the line breaks with the escape sequence \n. You can achieve this by executing the following command in your terminal:

     awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' Certificate.pem

     After formatting, remove the leading -----BEGIN CERTIFICATE-----\n and the trailing \n-----END CERTIFICATE-----\n from the output.

Once you have completed these steps, you are ready to perform a POST request in the following format to obtain the signed sdk_config.jwt:

curl -o sdk_config.jwt -X POST "https://asts.your-environment.shift.company.com/v1/tenants/$yourTenantName/sdkconfig" \
  --header "content-type: application/json" \
  --header "Authorization: Bearer $token" \
  --data-binary "{
    \"tenant\": \"$tenant\",
    \"tlsBundle\": [
      \"$Certificate\"
    ],
    \"astUrl\": \"https://asts.your-environment.shift.company.com\",
    \"services\": [
      {
        \"name\": \"astCa\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"astLogin\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"astManagement\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"astProperties\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"astStream\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"astTms\",
        \"url\": \"https://asts.your-environment.shift.company.com\"
      },
      {
        \"name\": \"push\",
        \"url\": \"https://scp.your-environment.shift.company.com/notifier\"
      }
    ]
  }"

your-environment.shift.company.com should be replaced with the appropriate hostname of your environment. Remember, when requesting an authorization token, use the subdomain idp, but for all other requests, use the subdomain asts.
$yourTenantName should be the name of the tenant for which you are creating the JWT file.
$token should be an authorization token belonging to a user who has the necessary permissions/roles to sign a JWT token.
$Certificate must be a certificate in the chain from the SSL certificate to the corresponding root CA. For more information on selecting the correct certificate, refer to this guide. Make sure it is provided in the format described above.