Authentication flows
17.7.3.4. Authentication flow for IAM as OAuth or OIDC client configuration

The instructions in this chapter apply to the Loginapp REST API only.

Procedure-related prerequisites

  • You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.
  • An OAuth or OIDC client configuration must be available.

Configure a target application

  1. Go to: Loginapp Authentication Flows
  2. Create a Target Application plugin in the Default Application or Applications setting.
  3. Go to: Target Application and configure the plugin.
  4. Application ID: Set an identifier for the application. This identifier will be referenced by other configurations.
  5. Create an Authentication Flow plugin in the Authentication Flow setting.

  • Airlock IAM is configured with a target application and is ready for the configuration of the authentication flow.

Configure an authentication flow

  1. Go to: Target Application Authentication Flow
  2. Create an OAuth 2.0 SSO Step in the Steps setting.
  3. Go to: OAuth 2.0 SSO Step
  4. Provider Identifier: Select one of the previously configured providers.

  • Airlock IAM is configured with an authentication flow that will use a remote authorization server for authentication.

Identity propagation option

  1. Go to: Target Application Authentication Flow
  2. Configure a plugin in the Identity Propagation setting that meets the requirements of the target application.

  • After the successful completion of the authentication flow, Airlock IAM will propagate the configured attributes to the target application.
  • Example: A Generic Identity Propagation plugin will configure identity propagation to deliver the access token to the target application with the following settings:

    • Ticket Adder: Request Header Ticket Adder
    • Ticket String Provider: Template-Based String Provider
      • Value Provider: OAuth 2.0 Tokens Map
      • Template: Bearer ${access_token}

Persistency-less option

  1. Go to: Target Application Authentication Flow
  2. In Security Settings, enable the Persistency-less option.

  • Airlock IAM will accept credentials from the remote authorization server without validating a local user account.
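
The identity propagation example above (a Request Header Ticket Adder with the template Bearer ${access_token}), sketched as an added illustration that is not Airlock IAM code: render_ticket mimics the placeholder substitution and fails closed when the tokens map has no access token, and extract_bearer is a check a target application could apply to the header it receives. The Authorization header name, both function names and the sample token are assumptions.

```python
import re
from string import Template

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample of a tokens map; not a real token.
SAMPLE_TOKENS = {"access_token": "eyJhbGciOi.constructed.sample", "token_type": "Bearer"}


def render_ticket(template: str, tokens: dict) -> str:
    """Fill ${...} placeholders from a tokens map (hypothetical helper)."""
    # substitute() raises KeyError when a placeholder has no value, so a
    # missing access_token never produces a header value like "Bearer ".
    value = Template(template).substitute(tokens)
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value


def extract_bearer(headers: dict) -> str:
    """Target-application side: return the token or raise ValueError."""
    raw = headers.get("Authorization")  # header name is an assumption
    if raw is None:
        raise ValueError("no Authorization header")
    scheme, _, token = raw.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("unexpected scheme")
    token = token.strip(" ")
    # Rejects empty tokens, embedded spaces and characters outside b64token.
    if not B64TOKEN.fullmatch(token):
        raise ValueError("malformed bearer token")
    return token


if __name__ == "__main__":
    header = render_ticket("Bearer ${access_token}", SAMPLE_TOKENS)
    print(header)
    print(extract_bearer({"Authorization": header}))
```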
