AS-centric AS - Authentication flow configuration

Applications authenticating against an OAuth 2.0 AS newly require a corresponding authentication flow (previous "OAuth 2.0 AS Access Config").

Creating a new authentication flow requires the following steps:


  • The authorization server must already be configured.

Target application

  1. Go to Loginapp >> Authentication Flows
  2. Create a new Target Application in the Applications section
  3. Configure Application ID and Application Selector
  4. Create an OAuth 2.0/OIDC ID Propagator plugin
  5. Optionally configure Airlock Gateway (WAF) Mapping Roles (Credentials)
  6. The target application is configured with identity propagation but without an authentication flow

Authentication flow

  1. Go to Loginapp >> Authentication Flows >> your target application
  2. Create an Authentication Flow plugin with the following properties
    • Start the flow with a user identifying step (e.g. Username Password Authentication Step)
    • Optionally add additional authentication steps (e.g. Airlock 2FA Step for Authentication)
    • Configure the flow to provide the authenticated tag on success
    • Optionally add a skip condition for the authenticated tag
    • Add an OAuth 2.0 Consent Step after the authentication steps
  3. Add tags and conditions based on your previous configuration of "Role Transformation Rules" and "Specific Access Policy in "OAuth 2.0 AS Access Config"

Authorization flow

  1. Optionally, configure an authorization flow including following steps based on your previous configuration in "OAuth 2.0 AS Access Config"
  2. "Required Role Step"
  3. "Terms of Service Step"

Authorization server

  1. Go to Loginapp >> OAuth 2.0/OIDC Authorization Servers >> {{AS-ID}} >> OIDC Authorization Code Flow
  2. In the Flow Settings section configure the Flow Application ID with the previously configured Application ID of the target application