The instruction-lists in this chapter apply to the Loginapp REST API only.
Procedure-related prerequisites
- You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.
- An OAuth or OIDC client configuration must be available.
Configure a target application
1. Go to: Loginapp ► Authentication Flows
2. Create a Target Application plugin in the Default Application or Applications setting.
3. Go to: Target Application and configure the plugin.
4. Application ID: Set an identifier for the application. This identifier will be referenced by other configurations.
5. Create an Authentication Flow plugin in the Authentication Flow setting.

Airlock IAM is configured with a target application and is ready for the configuration of the authentication flow.
Configure an authentication flow
1. Go to: Target Application ► Authentication Flow
2. Create an OAuth 2.0 SSO Step in the Steps setting.
3. Go to: OAuth 2.0 SSO Step
4. Provider Identifier: Select one of the previously configured providers.

Airlock IAM is configured with an authentication flow that will use a remote authorization server for authentication.
Identity propagation option
1. Go to: Target Application ► Authentication Flow
2. Configure a plugin in the Identity Propagation setting that meets the requirements of the target application.

After the successful completion of the authentication flow, Airlock IAM will propagate the configured attributes to the target application.

Example: A Generic Identity Propagation plugin will configure identity propagation to deliver the access token to the target application with the following settings:
- Ticket Adder: Request Header Ticket Adder
- Ticket String Provider: Template-Based String Provider
- Value Provider: OAuth 2.0 Tokens Map
- Template: Bearer ${access_token}
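
How a target application could check the header value produced by the template above before using the token, as an added example that is not part of the Airlock IAM documentation or product code. `render_header` is only a stand-in for the template substitution (using Python's `string.Template`), and all function names and the sample token are hypothetical.

```python
import re
from string import Template

# The template from the Generic Identity Propagation example on this page.
PROPAGATION_TEMPLATE = Template("Bearer ${access_token}")

# RFC 6750 "b64token" syntax for the credential part of a Bearer value.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class PropagationError(ValueError):
    """The propagated header is not a well-formed 'Bearer <token>' value."""


def render_header(token_map):
    """Stand-in for the IAM side (assumption): fill the template from a
    map of OAuth 2.0 tokens; fail instead of emitting a partial value."""
    try:
        return PROPAGATION_TEMPLATE.substitute(token_map)
    except KeyError as exc:
        raise PropagationError(f"token map has no {exc.args[0]!r}") from None


def extract_access_token(header_value):
    """Target-application side: return the token or raise PropagationError.

    This is a syntactic check only. Whether the token is genuine and
    still valid has to be verified separately by the application.
    """
    if header_value is None:
        raise PropagationError("header missing")
    # The template emits exactly 'Bearer' plus one space, so match strictly.
    scheme, sep, credential = header_value.partition(" ")
    if scheme != "Bearer" or not sep:
        raise PropagationError("expected 'Bearer <token>'")
    if "${" in credential:
        # The literal template reached the application unsubstituted.
        raise PropagationError("template placeholder was not substituted")
    if not _B64TOKEN.fullmatch(credential):
        raise PropagationError("token is empty or contains illegal characters")
    return credential


if __name__ == "__main__":
    sample = {"access_token": "eyJhbGciOi.sample.sig"}  # constructed value
    print(extract_access_token(render_header(sample)))
```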
Persistency-less option
1. Go to: Target Application ► Authentication Flow
2. In Security Settings enable the Persistency-less option.

Airlock IAM will accept credentials from the remote authorization server without validating a local user account.
Further information and links
- See 17.2.2.2. Configuration - REST authentication API for more information on configuring target applications and authentication flows.
- The persistency-less option cannot be used with account linking as described in 13.5.2. Account linking overview.