The following use-case are good examples of what configuration contexts were designed for.
Common Properties of Recommended Use Cases
- ●Configuration context can be extracted from every HTTP request
- ●Configuration context extraction works regardless of an HTTP request's IAM URI (e.g. login page, check-login URL, OAuth end-point, or step-up authentication). Exception: Use-Case marked with *.
- ●Very similar configuration for each configuration context
Use-Case | Description / Example | Recommendations / Remarks |
RU1: Internal/External Access | Employees access the same protected applications/services internally ("internal access") and from the internet ("external access"). Internal access requires single factor authentication but external access requires strong authentication. |
Context Extractors for this use-case: "URL Context Extractor", "IP Address Context Extractor". |
RU2: Multiple Similar Tenants | IAM is used for multiple tenants that are very similar. Tenants e.g. only differ in the name of the user table (or directory tree). |
Context Extractors for this use-case: "URL Context Extractor" |
RU3: Client-Certificate (X.509) dependent Configuration | Users are authenticated using client certificates (X.509) and configuration is slightly different depending on the certificate. Examples:
|
Context Extractors for this use-case: "Client Certificate Context Extractor" |
RU4: Special Settings for a single IAM URL* | A single IAM page requires slightly different settings than all others. |
Context Extractors for this use-case: "URL Context Extractor", "Http Parameter Context Extractor". |
RU5: Testing/Demoing | Try out or demonstrate different variants of a feature while keeping most of the configuration constant. Different features may be selected by URL, for example, and can be shown/tested without configuration change or just by changing the context. |
Context Extractors for this use-case: "URL Context Extractor", "Static Context Extractor". |
Combined Use-Cases | Use-cases may be combined using extractors that process multiple other context extractors. Example: Evaluate both the domain (multiple tenants) and the client IP address (internal/external access) to determine the context. Example: Evaluate first the domain to set and use a configuration context. If the domain does not determine the configuration context, evaluate the client IP address to determine a configuration context. |
Context Extractors for this use-case: "Combining Context Extractor", "Concatenating Context Extractor". |