ti&m secure mobile one-shot configuration

This feature is deprecated and will be removed in IAM 8.0.

General information about the one-shot concept can be found here: HTTP request authentication (Airlock One-Shot flow).

To authenticate request from the App to the protected service, configure the one-shot endpoint in IAM as follows (see also screenshot):

  • Create a one-shot target application configuration (seeĀ HTTP request authentication (Airlock One-Shot flow))
  • As credential extractor, choose and configure the "Ti&m Credential Extractor" plugin. It knows how to extract the access token and other information from the request sent by the app.
  • As authenticator plugin, choose and configure the "Ti&m Secure Mobile Authenticator" plugin. It knows how to check access tokens with the ti&m Security Server.
  • TheĀ "Ti&m Secure Mobile Authenticator" makes various pieces of information available for identity propagation in the user's context data container (see plugin documentation). They can be used with any identity propagator supporting context data (e.g. "Cookie Ticket Identity Propagator" with the "Mapping Ticket Service").

For further details, please refer to the plugin- and property documentation in the Config Editor.