Configuration of application and service mappings

Depending on the used IAM features, use the corresponding Denied Access URL and Authentication Flow in the Airlock Gateway mapping of the application or service protected by Airlock IAM:

IAM Feature

Denied Access URL

Authentication Flow

Loginapp (JSP) (HTML/JSP based, form-based login application)


  • Using /login instead does not work with certain features such as step-up authentication.
  • Using /check-login will not propagate the Forward Location to the Loginapp REST UI.




The /check-login entry point of the JSP-Loginapp also works with the Loginapp REST UI if (and only if) the JSP-Loginapp is not configured (no Loginapp >> Authentication Settings present in the configuration).

Make sure to enable Loginapp >> Miscellaneous Settings >> Keep Location Parameter: the setting ensures that a target application URL passed to /check-login as Location parameter is preserved for the Loginapp REST UI.

Note that this option does not work correctly due to a bug in IAM versions up to (including) IAM 7.4.2.





One-shot with body






Front-side NTLM