Enterprise Manager logoEM: Security > Authentication Tokens

Description

The Authentication Tokens panel in Enterprise Manager provides a centralized view of all active JWT session tokens issued to users within the system. Administrators can filter tokens by expiration criteria, identify the currently active session (highlighted in red), and manage token life-cycles to maintain secure user authentication across the BBj environment. The panel includes an Info String column that displays the value of the JWT payload’s info-string key. Double-clicking a token entry displays the full payload contents; however, the actual JWT value itself is not shown for security purposes. See: BBjAdmin TokenInfo Javadoc.

Location

Enterprise Manager logoEM NavigatorSecurityAuthentication Tokens

Toolbar

Button Function
Adds a new entry and opens new application.
Removes/deletes selected application(s) or files from the system.
refresh button

Refreshes the displayed list of applications and their status.

Create Authentication Token

To create an authentication token, click icon to open the Create Authentication Token dialog. The panel provides administrators with a secure method to generate time-bound tokens for JDBC, ODBC, and Admin API connections. Token generation requires valid user credentials, with optional payload parameters to extend functionality through name-value pairs. Expiration settings define the token’s validity period, ensuring controlled access and compliance with security policies. See: BBjAdminRemoteWrapper Javadoc.

Authentication tokens are issued as JWTs (JSON Web Tokens). Optional payload values, including the info-string attribute, may be defined when creating a token through the Enterprise Manager UI or programmatically using the Admin API. When a token entry is double-clicked in the Active Authentication Tokens list, the full payload contents are displayed. For security purposes, the actual encoded JWT value is not visible.

Create Authentication Token Settings

Settings Descriptions
Username Specifies the account identifier required to associate the generated authentication token with a valid user.
Password Collects the account password used to authenticate the specified username before generating the authentication token.
Expiration(minutes) Sets the token’s validity period in minutes, after which the generated authentication token automatically expires and is no longer accepted.
Optional Payload Accepts comma-separated name=value pairs to attach application-specific payload attributes to the generated token, which are stored with and retrievable via the Admin API. See: BBjAdmin TokenInfo Javadoc.
Authentication Token Contains the generated authentication token value for use in authorized client connections and Admin API requests.
Generate Token Generates a new authentication token using the supplied username and password, optional payload, and expiration settings for JDBC, ODBC, and Admin API connections.

Creating Tokens Using the Admin API

Authentication tokens may also be created programmatically using the Admin API. The info-string payload value can be set when generating the token.

An authentication token may be used in place of a username and password when connecting to the Admin API, JDBC Driver, or ODBC Driver. When using a token for authentication, provide the token value as the username and leave the password field empty.

payload! = new Map()

payload!.put("info-string", "My Info String")

token! = BBjAdminFactory.getAuthToken("admin", "admin123", payload!)

Active Authentication Tokens: More Options Dropdown

To create an authentication token, click the green plus button in the upper-right corner to open the Create Authentication Token dialog. The panel provides administrators with a secure method to generate time-bound tokens for JDBC, ODBC, and Admin API connections. Token generation requires valid user credentials, with optional payload parameters to extend functionality through name–value pairs. Expiration settings define the token’s validity period, ensuring controlled access and compliance with security policies.

Active Authentication Tokens: More Options Dropdown Settings

Settings Description
Refresh Rate Sets the automatic refresh interval for the data table. Selecting a time value (3, 5, 10, or 15 seconds) updates the data at the specified interval. Selecting Manual disables auto-refresh, requiring the user to manually reload the data.
Use Filter

  • When unchecked, disables all associated filter inputs, rendering the fields non-editable and preventing filter execution, regardless of any configured criteria.

  • When checked, enables the filter controls, allowing users to define one or more filtering conditions by selecting a field (Public Key ID), a comparison operator (equals, contains, less than, and regex etc.), and a corresponding input value. The filtering logic may be expanded with compound conditions using logical operators such as AND or OR.
Token Filter Criteria

The Token Filter Criteria section optimizes token management by allowing administrators to filter authentication tokens using attribute fields like User, Issued At, and Expiration, ensuring efficient session oversight within Enterprise Manager.

Settings Description
User Identifies the account owner of the authentication token, allowing administrators to filter token records by the associated user.
Issued At Indicates the timestamp when the authentication token was created, enabling filters based on issuance time.
Expiration Defines the timestamp when the authentication token becomes invalid, allowing filters based on token expiry.
Comparison Dropdown

Conditional operator(s) used to evaluate the selected column against the input value in the filtering row. Options include equals, greater than, less than, contains, and regex. Used together with the field selector and value input to build precise filter expressions when the Use Filter checkbox is enabled.

Settings Description
equals Matches records where the selected column’s value is exactly the same as the input value.
greater than Matches records where the selected column’s value exceeds the specified input value.
less than Matches records where the selected column’s value is lower than the specified input value.
contains Matches records where the selected column’s value includes the specified sequence of characters.
regex Filters records using a regular expression pattern, enabling advanced, rule-based text matching in the selected column.
Filter Value Field Defines the user-specified target value that must match the selected filter column and comparison condition when the filter is applied.
Logical Operator Dropdown

Defines the logical relationship between multiple filter conditions in the filter panel, available options: None, AND, and OR, determine whether additional criteria are ignored, combined with AND, or evaluated with OR logic.

Settings Description
None Selects no option for the control, leaving the related feature inactive and applying no additional behavior.
AND Applies logical conjunction to the active filters so a token record appears only when all selected conditions are true.
OR Applies logical disjunction to the active filters so a token record is returned when any selected condition is true.

Active Authentication Tokens: Tokens Detail

The Token Details presents a structured view of generated authentication tokens and their key attributes. Each entry identifies the associated user, the exact issuance time, and the configured expiration to enable precise monitoring of token validity. This information allows administrators to manage session life-cycles effectively and ensure compliance with security controls.

Active Authentication Tokens: Column Settings

Column Description
User Identifies the account to which the authentication token is assigned, enabling tracking and management of tokens by user identity.
Issued At Records the timestamp when the authentication token was issued, enabling time-based auditing.
Expiration Indicates the timestamp when the authentication token expires, enabling validity and audit control.
Info String Displays the value of the JWT payload’s info-string key associated with the authentication token.

Active Tokens

Displays the total number of currently active authentication tokens in the system.

See Also

BBjAdminBase

Public Private Keys

Settings