Application/service mappings
8.3.1.2. Configuration of application and service mappings

Depending on the used IAM features, use the corresponding Denied Access URL and Authentication Flow in the Airlock Gateway mapping of the application or service protected by Airlock IAM:

IAM Feature
Denied Access URL
Authentication Flow
Loginapp (JSP) (HTML/JSP based, form-based login application)
<loginapp-uri>/check-login
  • Using /login instead does not work with certain features such as step-up authentication.
  • Using /check-login will not propagate the Forward Location to the Loginapp REST UI.
Redirect
<loginapp-uri>/ui/app/auth/application/access

The /check-login entry point of the JSP-Loginapp also works with the Loginapp REST UI if (and only if) the JSP-Loginapp is not configured (no Loginapp >> Authentication Settings present in the configuration).

Make sure to enable Loginapp >> Miscellaneous Settings >> Keep Location Parameter: the setting ensures that a target application URL passed to /check-login as Location parameter is preserved for the Loginapp REST UI.

Note that this option does not work correctly due to a bug in IAM versions up to (including) IAM 7.4.2.

Redirect
<loginapp-uri>/login-oneshot
One-shot
<loginapp-uri>/login-oneshot
One-shot with body
<loginapp-uri>/ws-auth
One-shot
<loginapp-uri>/check-spnego
Redirect
<loginapp-uri>/check-ntlm
Front-side NTLM