This lab is currently in Beta, content may be updated as we refine the material
LABBEGINNER

JWT Authentication with Conjur

Enable the Conjur authn-jwt authenticator, configure it against a local JWT issuer, then authenticate a workload with a signed JWT and fetch a secret.

45 minutes
JWT Authentication with Conjur - Platform Engineering Hands-On Lab Icon
Share this Lab

Lab Overview

In this lab you give a workload a JWT-based machine identity in Conjur OSS v1.24.0. You enable the authn-jwt authenticator, configure it to validate tokens against a local RSA issuer (no external identity provider required), define a workload host whose annotations map JWT claims to a Conjur identity, mint a JWT signed by the local key, exchange it for a short-lived Conjur access token, and use that token to fetch a permitted secret over the REST API. You also see how a token carrying the wrong claim is rejected. This builds directly on the canonical Conjur OSS Docker Compose deployment.

What You'll Learn

Enable the authn-jwt authenticator in Conjur OSS via the CONJUR_AUTHENTICATORS env and a webservice policy

Configure a JWT authenticator against a local RSA issuer using the public-keys variable (no external IdP)

Define a workload host whose annotations map JWT claims to a Conjur machine identity

Mint a JWT signed by the local key and exchange it for a short-lived Conjur access token

Use the access token to fetch a permitted secret, and observe a denied case with the wrong claim

Prerequisites

Completion of "Deploy Conjur OSS with Docker Compose" (or equivalent Conjur OSS deployment)

Familiarity with the Conjur CLI v8 and policy-as-code basics

Basic understanding of JWTs (claims, signing) and REST APIs

Technologies Covered

conjurcyberarksecrets-managementauthn-jwtjwtmachine-identitybeginner

Choose your plan

Simple, Transparent Pricing

Unlock full access to TeKanAid courses, labs, and bootcamps

Buying for a team? Private corporate training is available for up to 15 learners.View team training
MonthlyQuarterly
Try Premium free for 7 days →

Just exploring? Start free below. Want the full experience? Try Premium free for 7 days (card required, $0 today).

Pro

All courses, with lab scripts to run on your own machine

$59/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Full access to all courses
  • Lab scripts to download and run on your own machine (hosted labs not included)
  • Progress tracking
  • Certificate of completion
  • Community access
  • Bootcamp participation
  • New content access
Recommended

Premium

Full access, including unlimited hosted labs

$99/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Everything in Pro
  • Unlimited hands-on labs, fully hosted on TeKanAid Academy (nothing to set up)
  • Lab AI Assistant
  • Accelerator bootcamps with live office hours
  • Priority support

Prefer a single course?

Purchase individual courses for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.

Browse Courses

Just exploring? Start free, no account needed

Three free ways to start. All bridge into the paid Premium catalog when you're ready.

Not ready to commit? The crash course is email-only. No academy account required.

Ready to Get Started?

Start this hands-on lab and build real-world Platform Engineering skills

Get Access Now