At present, configuring a Token mainly refers to configuring a shared key for a to get token.

Configure the shared secret

The Token generated by SuperMap iServer is the encrypted information string generated by the shared key. The shared key is used to encrypt the user information for generating Token. The more complex the shared key, the more secure the Token.

When setting the Token shared key, you need to log in to the service management server. Access the Security -> Security Config page (http://localhost:8090/iserver/admin-ui/security/securityConfig) to view the current shared key of the Token or modify the shared key of the Token. The Generate key button on the page can help you generate a shared key. Click Save to validate the newly created shared key.

Suggestions for setting the Token shared key:

  • The length of the shared secret should be set to at least 16 characters. Any character can be used, including non-alphanumeric characters.
  • It is recommended that you use a random sequence of characters as the shared secret key. Since there is no need to remember the shared key or use it elsewhere, a complex shared key is not an inconvenience.
  • If the shared key is changed, all tokens already applied will be invalid, and the web application created by the client needs to reapply for tokens and update the program to access the service again.
  • In a highly secure environment, it is recommended that the Token shared key should be changed periodically.