Use-Case:
- The HTTP client sends a token, e.g. a JSON Web Token (JWT) in a header to authenticate the client
- Airlock Gateway (WAF)/IAM use the one-shot flow to validate the token and extract user information from it
- Airlock IAM may optionally perform lookup in the user directory (LDAP, DB, ...) to perform additional checks or add more information
Configuration hints:
- Credential Extractor: use plugin HTTP Header Token Extractor (as SSO Credential)
- Header Name: e.g. "Authorization"
- Decoder: e.g. "JWT Ticket Decoder"
- the ticket decoder, such as JWT Ticket Decoder
- all other properties according to the plugin documentation
- Authenticator: plugin "Lookup and Accept Authenticator" may be used to look-up the user in the directory