Airlock IAM acts as the Access Policy Information Point and partially as the Access Policy Decision Point, i.e. it provides the information used by the Airlock Gateway (WAF) to enforce access, and it takes some access decisions itself (e.g. Step-Up).
Required information
To do so, IAM needs the following information:
- Roles of users:
  - to provide the information to the Airlock Gateway (WAF)
  - to take decisions (e.g. for Step-Up)
- Target applications:
  - for step-up authentication (and similar concepts)
  - for identity propagation (not part of the current access control)
Applied to the above example scenario, Airlock IAM roughly holds the following access policy user information:
| User | Granted Roles |
|---|---|
| User1 | - |
| User2 | customer + admin |
| User3 | customer |
| User4 | admin |
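To illustrate how the two roles of Airlock IAM described above fit together, here is an added Python model (not Airlock IAM's own code or API): a Policy Information Point that answers "which roles does this user hold?" using the table above, and a Policy Decision Point that combines those roles with a hypothetical target-application configuration (the app names, required roles and the numeric authentication levels are assumptions) to return allow, step-up or deny.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"
    DENY = "deny"


@dataclass(frozen=True)
class TargetApp:
    name: str
    required_role: str
    required_auth_level: int  # assumed scale: 1 = password, 2 = second factor


@dataclass(frozen=True)
class Session:
    user: str
    auth_level: int  # strength of the authentication already performed


# Constructed role data mirroring the table above (the Information Point's view).
USER_ROLES = {
    "User1": set(),
    "User2": {"customer", "admin"},
    "User3": {"customer"},
    "User4": {"admin"},
}

# Constructed target-application configuration (hypothetical apps and levels).
TARGET_APPS = {
    "shop": TargetApp("shop", "customer", 1),
    "adminui": TargetApp("adminui", "admin", 2),
}


def granted_roles(user: str) -> set:
    """Policy Information Point: roles from the user directory (unknown user -> none)."""
    return USER_ROLES.get(user, set())


def decide(session: Session, app_name: str) -> Decision:
    """Policy Decision Point: deny on missing role before considering a step-up."""
    app = TARGET_APPS.get(app_name)
    if app is None:
        return Decision.DENY  # unconfigured target application is never reachable
    if app.required_role not in granted_roles(session.user):
        return Decision.DENY  # no role: do not offer step-up, it could not help
    if session.auth_level < app.required_auth_level:
        return Decision.STEP_UP  # role is granted, authentication is too weak
    return Decision.ALLOW
```

Checking the role before the authentication level means a user without the role is refused outright instead of being sent through a step-up that cannot change the outcome.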
Information storage
The above information is stored in:
- Roles: user directory (typically the IAM database)
- Target applications: configuration
Please consult Securing applications with the JSP-Loginapp for further information about configuration.