9.2.1. Basic preparation steps

Context-dependent configuration requires thorough determination and solid configuration. The following content guides you through those two stages.

Step 1 - Determine the configuration context

For every action taken by Airlock IAM (e.g. answer an authentication request), the active configuration context is determined, in order to select to the corresponding configuration.

The configuration context is determined as follows:

  • 1.
    Look at the current HTTP request: using the configured context extractor plugin
  • 2.
    The context retention policy decides whether to use the context
    • 1.
      for every request
    • 2.
      for the whole session

There are several context extractor plugins. Custom context extractor plugins can be written, if required.

Example plugins:

Plugin Name
Description
URL Context Extractor
Determines the configuration context by matching the URL (as seen by the browser; including the domain) against a list of configured rules.
Forward Location Context Extractor
Determines the configuration context by matching the URL of the accessed target application against a list of configured rules.
IP Address Context Extractor
Determines the configuration context by matching the client (browser) IP address against a list of configured rules.
Client Certificate Context Extractor
Determines the configuration context by matching information from the client certificate (mutual SSL) against list of configured rules.
HTTP Parameter Context Extractor
Determines the configuration context by matching a HTTP parameter against a list of configured rules.
Static Context Extractor
Uses a statically configured context.

There are plugins combining several of the above methods: Combining Context Extractor  and Concatenating Context Extractor.

To get a full list of existing context extractor plugins, please open the Config Editor and add a new context extractor plugin.

Step 2 - Context-dependent configuration

  • Every configuration property may be defined differently for each configuration context.
  • If no context-specific value is configured for a given context, the default context value is used.

Thus, only the values that are really context-dependent - these are typically very few - must be configured for each context. All the rest of the configuration is defined only once.