Using the Airlock 2FA self-services UI with the JSP-based Loginapp





Airlock IAM

  • Airlock IAM 7.3 or newer.
  • An Airlock 2FA subscription is required.

For licensing:

Intended solution environment

The Airlock IAM Loginapp provides self-service features that allow logged-in users to manage their own Airlock 2FA app devices. However, there is no web front-end for the Loginapp (JSP). A web front-end is only provided for the Loginapp REST UI that is based on the Loginapp REST API.

This article describes how to combine the two Loginapp types as follows:

  • Use the Loginapp REST UI for the Airlock 2FA self-services only.
  • Use the Loginapp (JSP) for everything else including authentication.


  • Understand how to configure Airlock IAM to implement the use-case.
  • Understand how to configure the Airlock Gateway (WAF) to implement the use-case.
  • Know the limitations of the setup.

All following procedures are exemplary and will vary according to your setup or needs.

Initial thoughts

The intended solution can be implemented with the following setup:

  • Unauthenticated access to the Airlock 2FA self-services UI in the Loginapp REST UI must result in authentication in the Loginapp (JSP).
    This can be achieved by editing the Airlock Gateway (WAF) mapping.
  • The Airlock 2FA self-services UI is configured as a target application in the Loginapp (JSP).
  • The identity and role of the authenticated user is securely transported to the Loginapp REST UI using HTTP cookie-based identity propagation.
  • The Loginapp REST API is configured to interpret the identity propagation cookie from the Loginapp (JSP) in an authentication flow.
  • The resulting flow session will allow access to the Airlock 2FA self-services for the logged-in user.

The single configuration pieces are described in detail separately.


  • The Loginapp (JSP) is configured to authenticate users. Authentication is such that access to the Airlock 2FA self-service is possible.
  • Both the Loginapp REST API and a Loginapp REST UI for Airlock 2FA self-services are configured.