Configuration of application and service mappings

Depending on the used IAM features, use the corresponding Denied Access URL and Authentication Flow in the Airlock Gateway mapping of the application or service protected by Airlock IAM:

IAM Feature	Denied Access URL	Authentication Flow
Loginapp (JSP) (HTML/JSP based, form-based login application)	<loginapp-uri>/check-login ● Using /login instead does not work with certain features such as step-up authentication. ● Using /check-login will not propagate the Forward Location to the Loginapp REST UI.	Redirect
● 17.3. Loginapp REST UI	<loginapp-uri>/ui/app/auth/application/access The /check-login entry point of the JSP-Loginapp also works with the Loginapp REST UI if (and only if) the JSP-Loginapp is not configured (no Loginapp >> Authentication Settings present in the configuration). Make sure to enable Loginapp >> Miscellaneous Settings >> Keep Location Parameter: the setting ensures that a target application URL passed to /check-login as Location parameter is preserved for the Loginapp REST UI. Note that this option does not work correctly due to a bug in IAM versions up to (including) IAM 7.4.2.	Redirect
● 17.6. HTTP request authentication (Airlock One-Shot flow) ● 12.3. Securing REST APIs/service APIs ● 10.2.13. Front-side Kerberos authentication (with one-shot flow)	<loginapp-uri>/login-oneshot	One-shot
● 12.6.2.2. Airlock Gateway (WAF) and IAM configuration for NextGenPSD2 ● 12.6.3.2. Airlock Gateway (WAF) configuration for STET PSD2	<loginapp-uri>/login-oneshot	One-shot with body
● 17.4.1.16. Web service authentication using client certificates	<loginapp-uri>/ws-auth	One-shot
● 10.2.13. Front-side Kerberos authentication (with redirect flow)	<loginapp-uri>/check-spnego	Redirect
● 10.2.14. Front-side NTLM authentication	<loginapp-uri>/check-ntlm	Front-side NTLM