Microgateway configuration
8.3.2. Airlock Microgateway for Airlock IAM configuration

The IAM Loginapp must necessarily be placed behind an Airlock Gateway or Airlock Microgateway. It is configured as back-end application that is allowed to authenticate sessions.

This applies to both Loginapp (JSP) and the Loginapp REST API.

Each of the Airlock IAM modules (i.e. Loginapp or Adminapp) may be used with a single Airlock Microgateway mapping. 

  • However, multiple mappings are required in the following situations:
  • Two or three mappings are required if the Airlock Microgateway's API Enforcement feature is used to protect IAM's Loginapp REST API (enhances security).
  • Two mappings are required if client certificate authentication is mixed with form-based authentication in one virtual host (domain).

Procedure-related prerequisites

  • Airlock Microgateway mappings must be available as separate files for each mapping.

Download the required Microgateway mappings

Airlock Microgateway version
Airlock IAM version
Mapping template
2.0 and newer
7.5 and newer
  • CSRF token protection of Airlock Microgateway:
  • The gateway CSRF token protection is activated on all Loginapp REST Mappings.
  • This may require small changes to your single-page application to handle possible CSRF Blocks. If this is not possible, the CSRF protection on these mappings can be disabled to return to the previous behavior.

Microgateway DSL

  • 1.
    Open the Microgateway DSL in the preferred Editor
  • 2.
    add a mapping name
  • 3.
    add a mapping_template_file
  • 4.
    add api_security.openapi
  • 5.
    add api_security.openapi.spec_file
  • The mapping is loaded and validated against the openapi specification provided

Example

The following code sample shows an excerpt from a Microgateway DSL:

copy
- name: iam-loginapp-rest-public
  mapping_template_file: /config/templates/loginapp-7.6-REST-public.xml
  api_security:
    openapi:
      spec_file: /config/templates/login-rest-openapi.json
  ...
- name: iam-loginapp-rest-protected
  mapping_template_file: /config/templates/loginapp-7.6-REST-protected.xml
  api_security:
    openapi:
      spec_file: /config/templates/login-rest-openapi.json
  ...