Example template as a starting point
The Airlock IAM configuration template "Demo configuration using the Loginapp REST UI" features a complex authentication flow that uses the Remember-Me feature for the use case described here.
The demo configuration uses all settings for a safe and functional start – you may want to check it out.
Global Remember-Me settings
Only one Remember-Me cookie can be stored in a browser/device for all authentication flows. The Remember-Me steps may be used in several flows and grant different sets of tags, but they all refer to the same cookie and the same settings. See also Remember-Me limitations.
The global Remember-Me settings for all flow steps are configured here:
Loginapp >> Authentication Flows >> Remember-Me Settings
Configuration hints for selected configuration properties:
Setting | Configuration hints |
Repository | |
Logout Behaviour | |
Lifetime, Idle Timeout | The lifetime of a token should be limited to a reasonably short value. The rule of thumb is: as long as necessary to fulfill the purpose, but as short as possible to minimize the risk of potential attacks. Both settings allow values in days, hours, or a combination of both. |
Cookie Name | |
Cookie Domain, Cookie Path | |
For further information on configuration properties, please refer to the documentation in the Config Editor.
Flow step configuration
The Remember-Me feature offers two flow steps:
- Remember-Me User Identifying Step
- Remember-Me Token Generating Step
They automatically use the global Remember-Me settings (see above).
The steps need to be placed carefully and in the correct order to work securely and as desired. The following table gives some hints for known use cases. If using the step for other use cases, consider carefully where the steps are placed in the flow.
Flow step name and purpose | Use case | Position within authentication flow |
Remember-Me User Identifying Step – this flow step checks the Remember-Me cookie. | | |
Remember-Me Token Generating Step – this flow step generates the cookie with the Remember-Me token. | | |
Other Remember-Me related settings
Setting | Supportive information |
Consistency listener | |
Remember-Me token migration | To make the Remember-Me User Identifying Step accept cookies that have been issued by the JSP-Loginapp's Remember-Me feature, use the property JSP Remember-Me Settings: it references the old loginapp's Remember-Me settings so it can extract and decode its Remember-Me cookies. |
Additional information and links
- Conceptual information and examples: 10.3. Remember-Me in authentication flows
- Loginapp REST UI configuration: 17.3.1.1.4. Remember-Me configuration Loginapp REST UI
- Adminapp configuration: 18.9. Remember-Me configuration in Adminapp
- Service container configuration: 19.6. Remember-Me token cleanup task configuration
- Airlock Gateway: Passthrough cookie configuration in Application settings