SSO between Gateway and IAM
6.4.2.2. SSO from Airlock Gateway (WAF) Config Center to IAM Adminapp

This section describes how to access the IAM Adminapp through the Airlock Gateway (WAF) Config Center. Typically this means that the IAM Adminapp will be accessed through the Gateway (WAF) Management Network Interface.

Some 8.1. application parameters must be adapted for Airlock Gateway (WAF)F. You may use a shell as described in the previous section to the edit the "instance.properties" file. The change requires a restart of the container.

/home/airlock/iam/instances/auth/instance.properties

iam.web-server.connectors = http

The first time you access the IAM Adminapp, The user/password credentials "admin"/"password" will work. Later, SSO should be enabled to allow access through the links in the Airlock Gateway (WAF) Config Center:

# Copy Airlock Gateway (WAF) SSO assertion key to IAM volume:
airlock-docker-cli cp /opt/airlock/custom-settings/mgt-auth/assertion-key.properties iam:/home/airlock/iam/assertion-key.properties

# Use a "root" shell to fix the file permissions:
airlock-docker-cli run \
	--entrypoint /bin/bash -it --rm \
	--mount source=iam-config,target=/home/airlock/iam \
	--user 0 \
	airlock-iam:7.6 \
	-c 'chown airlock:root /home/airlock/iam/assertion-key.properties && chmod 660 /home/airlock/iam/assertion-key.properties'

Airlock Gateway (WAF) will generate a new assertion-key.properties on start-up if the file does not exist. When a new assertion key is generated the new key must be copied into the IAM container again.

The SSO parameter name "alecAssertion" and the ticket decoder named "Airlock Assertion Ticket Decoder" should be configured in the "Adminapp > Administrators > SSO Settings" using the Config Editor.

The IAM Adminapp CORS Filter might deny requests using the Airlock Gateway (WAF) Config Center domain name. To solve this, configure CORS settings for the Adminapp to allow the domain name of the Gateway (WAF) Config Center. This can be achieved by adding the FQDN used to access the Gateway (WAF) Config Center to "Adminapp > Adminapp REST API Configuration > Cors Settings".