One-Shot authentication
17.6. HTTP request authentication (Airlock One-Shot flow)

Airlock Gateway (WAF) provides several authentication flows (see mapping configuration):


Main Usage
Web application
Redirect browser to login page (denied access URL) if role missing on mapping.
REST clients
If role missing on mapping, temporarily stop request in Airlock Gateway (WAF) and send HTTP header to IAM (denied access URL) for inspection.
One-Shot with body
REST clients
Same as One-shot but with HTTP body sent to IAM.

Note that the one-shot requests are only sent from Airlock Gateway (WAF) to IAM if the required role(s) are missing on the mapping.

Further information and links