Airlock IAM acts as an Access Policy Information Point (PIP) and, in part, as an Access Policy Decision Point (PDP): it provides the information used by the Airlock Gateway (WAF) and it takes access decisions itself (e.g. for Step-Up).
Required information
To do so, IAM needs the following information:
- Roles of users:
  - to provide the information to the Airlock Gateway (WAF)
  - to take decisions (e.g. for Step-Up)
- Target applications:
  - for step-up authentication (and similar concepts)
  - for identity propagation (not part of the current access control)
Applied to the example scenario above, Airlock IAM holds roughly the following access policy information per user:

| User | Granted Roles |
|---|---|
| User1 | - |
| User2 | customer + admin |
| User3 | customer |
| User4 | admin |
Information storage
The above information is stored in:
- Roles: user directory (typically the IAM database)
- Target applications: configuration
Please consult section 17.4.3, Securing applications with the JSP-Loginapp, for further information about the configuration.
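The following added example (not Airlock code, and not taken from this page) models the two responsibilities described above: a PIP function that hands a user's roles to the gateway, and a PDP function that combines those roles with a target-application configuration to return grant, step-up or deny. The user table mirrors the example scenario above; the target applications, the numeric authentication levels and the `required_role`/`required_auth_level` fields are constructed assumptions, not Airlock's configuration model.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    GRANT = "grant"
    STEP_UP = "step-up"
    DENY = "deny"


@dataclass(frozen=True)
class TargetApp:
    """Constructed target-application entry (assumed shape, not Airlock's config)."""
    name: str
    required_role: str
    required_auth_level: int  # constructed scale: 1 = password, 2 = second factor


# PIP data: user directory content, mirroring the page's table ("-" = no roles).
USER_ROLES: dict[str, set[str]] = {
    "User1": set(),
    "User2": {"customer", "admin"},
    "User3": {"customer"},
    "User4": {"admin"},
}

# PDP input: target applications from configuration (constructed examples).
TARGET_APPS: dict[str, TargetApp] = {
    "ebanking": TargetApp("ebanking", required_role="customer", required_auth_level=1),
    "admin-console": TargetApp("admin-console", required_role="admin", required_auth_level=2),
}


def roles_for_gateway(user: str) -> list[str]:
    """PIP: the role list provided to the gateway, sorted for stable output.

    An unknown user yields an empty list rather than an error, so the gateway
    never receives roles it cannot attribute to a directory entry.
    """
    return sorted(USER_ROLES.get(user, set()))


def decide(user: str, app_name: str, current_auth_level: int) -> Decision:
    """PDP: decide access to a target application for an authenticated user.

    Order matters: the role check comes first, so a user lacking the required
    role is denied outright and is never offered a step-up that could not help.
    Unknown target applications fail closed.
    """
    app = TARGET_APPS.get(app_name)
    if app is None:
        return Decision.DENY
    if app.required_role not in USER_ROLES.get(user, set()):
        return Decision.DENY
    if current_auth_level < app.required_auth_level:
        return Decision.STEP_UP
    return Decision.GRANT


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, "roles ->", roles_for_gateway(user))
        for app in TARGET_APPS:
            print(f"  {app} at level 1:", decide(user, app, 1).value)
```

Running the block prints, for each user in the table, the roles the gateway would receive and the decision for each constructed application at password-only authentication level; User2 on the admin console is the one case that produces a step-up instead of a grant or deny.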