NTLM propagation

The control API command HTTP_NTLM allows adding NTLM credentials to an Airlock Gateway session. In order to use NTLM authentication for the back-end application, the option "SSO credential propagation" on the mapping must be set to "NTLM".

The command syntax is:

;; HTTP_NTLM
ntlm-command              = ntlm-command-name "=" ntlm-command-value
ntlm-command-name         = "HTTP_NTLM"
ntlm-command-value        = ntlm-definitions
ntlm-definitions          = ntlm-definition [ "," ntlm-definitions ]
ntlm-definition           = ntlm-value [ "@" mapping-name ]
                            ; 'ntlm-value' must be percent-encoded here

Note:
The ntlm-value must be supplied in the format username:password or domainname\username:password. If no mapping name is provided in ntlm-definition, the scope of the definition is global, i.e., it is valid on all mappings. When global credentials are set, all mapping-specific credentials defined so far are removed. Since a back-end request may only use a single set of credentials, a global definition is only used for a back-end request if no mapping-specific definition is available. Existing NTLM credentials are removed from an Airlock Gateway session if the ntlm-definition is empty.

Example:
The pseudo code examples below show how to set the NTLM credentials using the control API.

Pseudo code:

response.header="Set-Cookie: AL_CONTROL="+URL_Encode("HTTP_NTLM="+URL_Encode(UTF8_Encode("username:password"))+"@mapping1")

Results in:

Set-Cookie: AL_CONTROL=HTTP_NTLM%3Dusername%253Apassword%40mapping1

Pseudo code:

response.header="Set-Cookie: AL_CONTROL="+URL_Encode("HTTP_NTLM="+URL_Encode(UTF8_Encode("domainname\\username:password"))+"@mapping2")

Results in:

Set-Cookie: AL_CONTROL=HTTP_NTLM%3Ddomainname%255Cusername%253Apassword%40mapping2

The examples shown above use the pseudo function UTF8_Encode(). Airlock Gateway only performs a URL_Decode() and does not require UTF-8 encoding. However, the back-end application might require additional encodings, such as UTF-8 or ISO-8859-1.
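
The encoding from the pseudo code above as runnable Python, added here as an example; it is not part of the Airlock documentation or product code. It goes beyond the pseudo code by handling several definitions in one command and passwords that contain '@', ',' or '%'. The function names, the restriction on mapping-name characters and the parser (which follows the grammar, not the gateway's implementation) are assumptions.

```python
from urllib.parse import quote, unquote

def encode_definition(ntlm_value, mapping=None):
    """Return one ntlm-definition: percent-encoded ntlm-value [ "@" mapping-name ]."""
    if ":" not in ntlm_value or not ntlm_value.partition(":")[0]:
        raise ValueError("ntlm-value must be [domainname\\]username:password")
    if mapping is not None and (not mapping or "," in mapping or "@" in mapping):
        raise ValueError("assumed: mapping names are non-empty, without ',' or '@'")
    # safe="" encodes every reserved character, so ':', '@', ',' and '%' inside
    # the credentials cannot be mistaken for grammar separators. quote() encodes
    # str as UTF-8 first, which corresponds to UTF8_Encode() in the pseudo code.
    encoded = quote(ntlm_value, safe="")
    return encoded if mapping is None else encoded + "@" + mapping

def control_cookie(definitions):
    """definitions: list of (ntlm_value, mapping_or_None); [] yields an empty definition."""
    command = "HTTP_NTLM=" + ",".join(encode_definition(v, m) for v, m in definitions)
    # Second (outer) URL encoding of the complete command for the cookie value.
    return "AL_CONTROL=" + quote(command, safe="")

def parse_cookie_value(cookie_value):
    """Split a cookie value back into definitions by following the grammar."""
    name, _, value = unquote(cookie_value).partition("=")  # undo outer encoding
    if name != "HTTP_NTLM":
        raise ValueError("not an HTTP_NTLM command")
    result = []
    for definition in filter(None, value.split(",")):
        encoded, _, mapping = definition.partition("@")
        result.append((unquote(encoded), mapping or None))  # undo inner encoding
    return result

if __name__ == "__main__":
    # Constructed sample: global credentials first, then a mapping-specific set
    # whose password contains '@', ',' and '%'.
    sample = [("domainname\\svc:x", None), ("username:p@ss,w%rd", "mapping1")]
    cookie = control_cookie(sample)
    print("Set-Cookie: " + cookie)
    print(parse_cookie_value(cookie.split("=", 1)[1]) == sample)
```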