12.3.2.1. Request flow
  • The end user (REST client) is authenticated using the REST Auth API (Loginapp). 
  • After successful authentication, IAM issues a JWT to the REST client.
  • The JWT can be used on 3rd party systems that are not connected to IAM
  • JWTs in requests sent to Airlock Gateway (WAF) are authenticated by inspecting the JWT. This involves IAM's one-shot interface.
  • The example uses username/password authentication (no second factor).
63983344.png