To retrieve Tech-Client attributes from Airlock IAM, the Airlock Gateway connects to the API Policy Service. It is crucial for security that only trusted IAM instances are contacted by the gateway.
For this reason, a shared secret is used on both sides in addition to the connection security measures (TLS). The shared secret is used to sign requests and involves a timestamp. It is therefore essential that the clocks of all involved components (Airlock Gateway and Airlock IAM) are synchronized.
Note that the Airlock Gateway can connect to multiple IAM instances for different APIs. The API Policy Service to connect to is therefore selected in the Mapping configuration.