Tuesday, October 25, 2022

Things I learned at IDUG on JSON Web Token support in Db2

JSON Web Token support in Db2
Right now, I am at the IDUG 2022 EMEA Db2 Tech Conference in Edinburgh, Scotland. It's great to have an in-person event again, to network and to discuss. This year, there are many sessions covering Db2 security and they are well-attended. Database security seems to be (more) popular, now. In the past, I have blogged about JSON Web Tokens (JWT) and Db2. They allow a Single Sign-On (SSO) integration of Db2.

Here, at the conference, I learned about some JWT-related Db2 features which I wanted to share:

  • The Db2 problem determination tool, db2pd, has an authntokencfg parameter. It allows to dump the in-memory information of the authentication token configuration. Thus, you can compare your stored configuration file (which you think might be active) and what Db2 actually has in use.
  • When using database federation with Db2, you can use SSO_AUTH to tell Db2 to pass on any received authentication server to other database servers. See Single Sign-on based on JWT for some background reading and examples of JWT-based authentication and the new option to the CREATE SERVER statement.

That's my quick update from the IDUG conference. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.