17.4.3.5.3.1. Configuration

Loginapp SSO ticket configuration

To accept SSO-Tickets in the Loginapp, configure the following:

  • Loginapp >> Authentication Settings >> SSO Ticket Settings
  • Add the plugin SSO Ticket Config
  • As Ticket Decoder we recommend using JWT Ticket Decoder

Adminapp SSO ticket configuration

To accept SSO-Tickets in the Loginapp, configure the following:

  • Adminapp >> Administrators >> SSO Settings
  • Add the plugin Administrators Single Sign-on Config
  • As Ticket Decoder" we recommend using JWT Ticket Decoder

Security hints

In both the Loginapp and Adminapp, a ticket decoder must be chosen in "SSO ticket settings". The matching ticket encoder has to be chosen in the application issuing the authentication tickets.

You must make sure, that the ticket is protected appropriately.

Use one of the following ticket encoder/decoder plug-ins (more plug-ins may be added in later versions of Airlock IAM):

  • JWT Ticket Encoder/Decoder (Uses a standard, signed JWT token, optionally encrypted)  - always use this if possible
  • AES256 Encryption Ticket Encoder / Decoder (Uses a shared AES 256 key)

Do not use one of the following ticket encoder / decoder pairs (except for testing/demonstration) - they do not protect the ticket:

  • Plain Ticket Encoder / Decoder
  • Plain Base-64 Ticket Encoder / Decoder
  • GZip Base-64 Ticket Encoder / Decoder