Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Sign in to the WSO2 Identity Server. Enter your username and password to log on to the Management Console
  2. In the Identity Providers section under the Main tab of the management console, click Add.
  3. Provide the following values to configure the IDP:
    • Identity Provider Name: Enter a issuer name (this is used to generate the JWT assertion) as the identity provider name.
    • Identity Provider Public Certificate:   The certificate used to sign the JWT assertion. You can find more information about adding certificate in Configuring an Identity Provider.

    • Alias: Give the name of the alias if the Identity Provider identifies this token endpoint by an alias (e.g.,  https://localhost:9443/oauth2/token)
    See Adding a new identity provider for more information.

  4. Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
  5. Fill in the Service Provider Name and provide a brief Description of the service provider. See Adding a Service Provider for more information.
  6. Expand the OAuth/OpenID Connect Configuration and click Configure.
  7. Enter a Callback URL. For example, use http://localhost:8080/playground2/oauth2client and click Add.
  8. The OAuth Client Key and OAuth Client Secret will now be visible.
While configuring the JWT grant type, the IAT validating time period can also be configured in the identity.xml file.

IAT validity period is configured as 30 minutes by default. This can be modified by changing the value in the identity.xml file in <IS_HOME>/repository/conf as shown below.

Code Block
            <!-- Validate issued at time (iat) of JWT token. The validity can be set using 'IATValidity' configuration.
             Default value is 'true'.
            <!-- Reject the JWT if the iat of JWT is pass a certain time period. Time period is in minutes.
             'EnableIATValidation' configuration should be set to 'true' in order to make use of the validity period.
             Default value is '30' minutes.