To secure the back-end server, the Web application's mapping has to be restricted to authenticated users only.
Procedure-related prerequisites
- Configuration takes place in Airlock Gateway.
- You must be logged in as an admin in the Airlock Gateway Configuration Center.
Instruction
- Go to: Application Firewall >> Reverse Proxy.
- Edit the Web application's mapping.
- Change to the Access tab.
- Enter the role under Access restrictions >> Restricted to Roles.
- -Restricted to Roles: authenticated
- Select Authentication flow One-Shot.
- Configure Denied access URL to /auth/login-oneshot
- Under Credential Propagation >> SSO credential propagation, select Kerberos.
- Enable the checkbox Credential mandatory.
This role is set by Airlock IAM after successful authentication.