Expert Settings

Control API cookie name

The control API cookie name can be adapted if the default does not fit customer needs:

Default: SecurityGateway * ControlCookieName "AL_CONTROL"

Airlock Gateway support does not recommend changing the control API cookie name - this is usually a source of confusions.

Disabling session cookie renewal when adding roles

By default the session cookie is renewed when a session credential is added by a control API command. This behavior can be disabled for credentials matching the regular expression below. This expert setting must be used with caution, because when used incorrectly, session fixation and similar attacks are possible.

Default: SecurityGateway * SessionRenewalCredentialException.Pattern "^$"

Restricting the roles which can be added/removed

Following pattern restricts the roles which can be added/removed by control API. No restriction is applied if the resource is not defined:

Default: SecurityGateway * Authentication.ControlAPI.Restriction.Roles.Pattern ".*"

This global setting may be overridden in each mapping.