One-Shot authentication
17.6. HTTP request authentication (Airlock One-Shot flow)

Airlock Gateway (WAF) provides several authentication flows (see mapping configuration):

63970071.png

Type
Main Usage
Description
Redirect
Web application
Redirect browser to login page (denied access URL) if role missing on mapping.
One-shot
REST clients
If role missing on mapping, temporarily stop request in Airlock Gateway (WAF) and send HTTP header to IAM (denied access URL) for inspection.
One-Shot with body
REST clients
Same as One-shot but with HTTP body sent to IAM.

Note that the one-shot requests are only sent from Airlock Gateway (WAF) to IAM if the required role(s) are missing on the mapping.

Further information and links