Authentication flow for IAM as OAuth or OIDC client configuration

The instruction-lists in this chapter apply to the Loginapp REST API only.

Procedure-related prerequisites

●
You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.

●
An OAuth or OIDC client configuration must be available.

Configure a target application
1.
Go to:
Loginapp ► Authentication Flows
2.
Create a Target Application plugin in the Default Application or Applications setting
3.
Go to:
Target Application and configure the plugin
4.
Application ID: Set an identifier for the application. This identifier will be referenced by other configurations.
5.
Create an Authentication Flow plugin in the Authentication Flow setting
Airlock IAM is configured with a target application and is ready for the configuration of the authentication flow.

Configure an authentication flow
1.
Go to:
Target Application ► Authentication Flow
2.
Create an OAuth 2.0 SSO Step in the Steps setting
3.
Go to:
OAuth 2.0 SSO Step
4.
Provider Identifier select one of the previously configured providers.
Airlock IAM is configured with an authentication flow that will use a remote authorization server for authentication.

Identity propagation option
1.
Go to:
Target Application ► Authentication Flow
2.
Configure a plugin in the Identity Propagation setting that meets the requirements of the target application.
After the successful completion of the authentication flow, Airlock IAM will propagate the configured attributes to the target application.

Example: A Generic Identity Propagation plugin will configure identity propagation to deliver the access token to the target application with the following settings:

●
Ticket Adder: Request Header Ticket Adder
●
Ticket String Provider: Template-Based String Provider

●
Value Provider: OAuth 2.0 Tokens Map
●
Template:Bearer ${access_token}

Persistency-less option
1.
Go to
Target Application ► Authentication Flow
2.
In Security Settings enable the Persistency-less option
Airlock IAM will accept credentials from the remote authorization server without validating a local user account.

Further information and links

●
See 17.2.2.2. Configuration - REST authentication API for more information on configuring target applications and authentication flows.
●
The persistency-less option cannot be used with account linking as decribed here 13.5.2. Account linking overview.