Request flow

  • The end user (REST client) is authenticated using the REST Auth API (Loginapp). 
  • After successful authentication, Airlock Gateway (WAF) credentials are stored in the Gateway (WAF) session and subsequent calls to the protected REST service are therefore possible without further interaction with Airlock IAM.
  • After a session timeout, a one-shot call to IAM results in sending a HTTP 401 response to the client.
  • The example uses username/password authentication (no second factor).

The IAM One-Shot end-point (HTTP request authentication (Airlock One-Shot flow)) is only used to return a HTTP 401 response and through this make the REST client call the authentication API.

An alternative way to return a HTTP 401 is to overwrite the Gateway (WAF) 401 error page with an ".asis"-Response (see Airlock Gateway (WAF) documentation for details).