Airlock IAM and Airlock Gateway (WAF) can be used to authenticate web service requests using client certificates.
Note that this feature has been deprecated and will be removed. See Features discontinued with the JSP-Loginapp.
To authenticate web service requests with client certificates, use the one-shot feature described in HTTP request authentication (Airlock One-Shot flow).
The roles of Gateway (WAF) and IAM are as follows:
- Airlock Gateway (WAF):
  - Checks the client certificate's validity and makes sure the issuer is trusted (i.e. signed by a trusted CA).
  - Sends a request to Airlock IAM with the client certificate (using "one-shot" authentication).
- Airlock IAM:
  - Makes sure the client certificate is known, i.e. the subject in the certificate is known.
  - Decides what roles are issued to Airlock in order to authenticate the request.
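
The IAM-side half of this split (is the subject known, and which roles does it get) can be sketched as follows. This is an added illustration, not Airlock's code or API: the function names, the `gateway_verified` flag, the registry entries and the case-insensitive matching rule are all assumptions.

```python
# Constructed registry of known certificate subjects and their roles.
_RAW_REGISTRY = {
    "CN=billing-service,O=Example Corp,C=CH": ["ws-billing"],
    "CN=Smith\\, John,O=Example Corp,C=CH": ["ws-read"],
}

def split_rdns(dn):
    """Split a DN string on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def canonical_subject(dn):
    """Lower-case and collapse whitespace so equal subjects compare equal."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        rdns.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(rdns)

# Canonicalize once at load time so lookups are exact matches.
REGISTRY = {canonical_subject(k): v for k, v in _RAW_REGISTRY.items()}

def roles_for_request(gateway_verified, subject_dn):
    """Return the roles for a request, or [] to reject it (deny by default)."""
    if not gateway_verified:             # gateway did not vouch for the chain
        return []
    try:
        key = canonical_subject(subject_dn)
    except ValueError:
        return []
    return list(REGISTRY.get(key, []))   # whole-DN match, never a prefix match
```

The lookup compares the complete canonical subject, so a certificate that shares only a common name or a DN prefix with a registered subject receives no roles.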