JSON Web Token for Securing In-House Content

You can configure a JSON Web Token (JWT) in Jamf Pro to secure downloads of in-house apps and in-house books hosted on a web server. After the JWT is configured, in-house apps and books can only be downloaded on managed computers and mobile devices and within the time period you specify.

Note: In-house apps and books must be hosted on the same web server that is configured for JWT authentication.

The JWT is generated using the RS256 algorithm, is signed with the RSA private key provided in the configuration, and has the following claims:

  • "sub" (subject) of "AppManifest"

  • "iss" (issuer) of "JSS"

  • "exp" (expiration) configurable in the JSON Web Token Configuration settings

After configuring the JWT, the administrator of the web server must perform further setup to ensure the server validates the request using the JWT "token" query parameter.

Important: Until the web server validates the requests, unsecured downloads of in-house apps and books may still be possible.

Configuring a JSON Web Token

  1. Log in to Jamf Pro.

  2. Click Settings.

  3. Click Global Management.

  4. Click PKI Certificates.

  5. Click the JSON Web Token Configuration tab.

  6. Click New.

  7. Enter a display name for the token.

  8. Select one of the following encryption key options:

    1. Choose Paste or Type Encryption Key, then enter the RSA private encryption key in the Paste the Encryption Key Below field.

    2. Choose Upload Encryption Key File, then click Choose File to upload a .pem file containing the RSA private encryption key.

  9. From the Token Expiry pop-up menu, select a time period during which in-house apps and books can be downloaded. After the specified time period, in-house apps and books can no longer be downloaded.

  10. Click Save.

When Jamf Pro sends the device a command to install an in-house app or ebook, a new JWT is generated and added to the download URL as a "token" query parameter.

For example, https://example.com/download/example_app.ipa

becomes

https://example.com/download/example_app.ipa?token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBcHBNYW5pZmVzdCIsImlzcyI6IkpTUyIsImV4cCI6MTUwMzMyNDMxNH0.SeoxBY0EaCf4KV3UOyDMmu.
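The validation the web server has to perform on the "token" query parameter can be sketched in Go as follows. This is an added example, not Jamf code: it pins RS256, verifies the signature, and enforces the sub, iss and exp claims listed above. VerifyToken, signDemo and demoKey are hypothetical names, and demoKey is a throwaway key standing in for the key pair configured in Jamf Pro; the sample claims are constructed to match the claims this page lists.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed: throwaway key, demo only

// VerifyToken (hypothetical name) validates the "token" query value against pub.
func VerifyToken(token string, pub *rsa.PublicKey, now time.Time) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("not a three-part JWT")
	}
	var hdr, c struct{ Alg, Sub, Iss string; Exp int64 } // JSON keys match case-insensitively
	h, e1 := b64.DecodeString(p[0])
	body, e2 := b64.DecodeString(p[1])
	sig, e3 := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // signing input: header.payload
	switch {
	case e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "RS256":
		return fmt.Errorf("malformed token or alg is not RS256") // alg is pinned, not negotiated
	case rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("bad signature")
	case json.Unmarshal(body, &c) != nil || c.Sub != "AppManifest" || c.Iss != "JSS":
		return fmt.Errorf("unexpected sub or iss")
	case now.Unix() >= c.Exp: // a missing exp decodes to 0 and is rejected
		return fmt.Errorf("token expired")
	}
	return nil
}

func signDemo(header, claims string) string { // builds a constructed token signed with demoKey
	in := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, demoKey, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

func main() {
	fmt.Println(VerifyToken(signDemo(`{"alg":"RS256"}`, `{"sub":"AppManifest","iss":"JSS","exp":1503324314}`), &demoKey.PublicKey, time.Now()))
}
```

On a real server the public key would be loaded from the PEM that pairs with the private key entered in Jamf Pro, and the download handler would refuse the request whenever VerifyToken returns an error.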

© copyright 2002-2020 Jamf. All rights reserved.