Authentication flow configuration
17.7.1.3. AS-centric AS - Authentication flow configuration

Applications authenticating against an OAuth 2.0 AS now require a corresponding authentication flow (previously "OAuth 2.0 AS Access Config").

Creating a new authentication flow requires the following steps:

Prerequisites

  • The authorization server must already be configured.

Target application

  1. Go to Loginapp >> Authentication Flows
  2. Create a new Target Application in the Applications section
  3. Configure Application ID and Application Selector
  4. Create an OAuth 2.0/OIDC ID Propagator plugin
  5. Optionally configure Airlock Gateway (WAF) Mapping Roles (Credentials)
  • The target application is configured with identity propagation but without an authentication flow

Authentication flow

  1. Go to Loginapp >> Authentication Flows >> your target application
  2. Create an Authentication Flow plugin with the following properties
    • Start the flow with a user identifying step (e.g. Password Authentication Step)
    • Optionally add additional authentication steps (e.g. Airlock 2FA Step for Authentication)
    • Configure the flow to provide the authenticated tag on success
    • Optionally add a skip condition for the authenticated tag
    • Add an OAuth 2.0 Consent Step after the authentication steps
  3. Add tags and conditions based on your previous configuration of "Role Transformation Rules" and "Specific Access Policy" in "OAuth 2.0 AS Access Config"

Authorization flow

  1. Optionally, configure an authorization flow including the following steps, based on your previous configuration in "OAuth 2.0 AS Access Config"
  2. "Required Role Step"
  3. "Terms of Service Step"

Authorization server

  1. Go to Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-ID}} >> OIDC Authorization Code Flow
  2. In the Flow Settings section configure the Flow Application ID with the previously configured Application ID of the target application