SAML IDP URLs

The following table provides an overview of all relevant URLs when using Airlock IAM as SAML identity provider (IDP).

The SAML IDP endpoint URLs are new for IAM 7.6.

However, the old SAML endpoint URLs are still supported, so existing remote SPs do not have to be reconfigured when migrating the IDP from the JSP-Loginapp to the Loginapp REST UI.

SAML IDP URLs

Note that the URLs depend on the SAML configuration, especially the configured metaAlias (which is iamIdP in the templates provided in this documentation).

All URLs are specified relative to the Airlock IAM context path (e.g. https://iam.host.com/auth/).

| URL scheme | Meaning | Examples |
|---|---|---|
| /saml2/idp/sso/metaAlias/xyz | SSO endpoint for redirect binding. | https://iam.host.com/auth/saml2/idp/sso/metaAlias/iamIdp |
| /saml2/idp/sso/metaAlias/xyz | SSO endpoint for POST binding. | https://iam.host.com/auth/saml2/idp/sso/metaAlias/iamIdp |
| /saml2/idp/resolve-artifact/metaAlias/xyz | Artifact resolution endpoint. | https://iam.host.com/auth/saml2/idp/resolve-artifact/metaAlias/iamIdp |
| /saml2/idp/slo/metaAlias/xyz | SLO endpoint for POST- and redirect binding. | https://iam.host.com/auth/saml2/idp/slo/metaAlias/iamIdp |
| /ui/app/error/message | SAML error page in the Loginapp REST UI. Can be defined in configuration for custom web UIs. | https://iam.host.com/auth/ui/app/error/message |

Make sure to use an up-to-date Airlock Gateway mapping template file (7.6 or newer) and activate the SAML allow rule.

Legacy URLs

The legacy URLs listed below are still supported and correspond to the URLs used in Airlock IAM versions 7.5 and older (in the JSP-Loginapp).

Use them if there are existing SPs that rely on the URLs and you do not want to change the SP configuration.

| URL scheme | Meaning | Examples |
|---|---|---|
| /SSORedirect/metaAlias/xyz | SSO endpoint for redirect binding. | https://iam.host.com/auth/SSORedirect/metaAlias/iamIdp |
| /SSOPOST/metaAlias/xyz | SSO endpoint for POST binding. | https://iam.host.com/auth/SSOPOST/metaAlias/iamIdp |
| /ArtifactResolver/metaAlias/xyz | Artifact resolution endpoint. | https://iam.host.com/auth/ArtifactResolver/metaAlias/iamIdp |
| /IDPSloRedirect/metaAlias/xyz | SLO endpoint for POST- and redirect binding. | https://iam.host.com/auth/IDPSloRedirect/metaAlias/iamIdp |
| /ui/app/error/message | SAML error page in the Loginapp REST UI. Can be defined in configuration for custom web UIs. | https://iam.host.com/auth/ui/app/error/message |
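
When planning a migration, it helps to know which remote SPs still point at legacy endpoints and whether any stored endpoint falls outside both URL schemes. The following added example (not part of the Airlock IAM documentation or product) audits standard SAML 2.0 IDP metadata, as an SP might have it stored, against the two tables above. The function names `classify` and `audit` and the sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata, use a hardened parser such as defusedxml

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Path prefixes from the two tables above, mapped to the endpoint role they serve.
NEW = {"/saml2/idp/sso": "sso", "/saml2/idp/resolve-artifact": "artifact",
       "/saml2/idp/slo": "slo"}
LEGACY = {"/SSORedirect": "sso", "/SSOPOST": "sso",
          "/ArtifactResolver": "artifact", "/IDPSloRedirect": "slo"}
ROLE = {"SingleSignOnService": "sso", "ArtifactResolutionService": "artifact",
        "SingleLogoutService": "slo"}

def classify(location, context, meta_alias):
    """Return (scheme, role); scheme is 'new', 'legacy' or 'unknown'."""
    base = context.rstrip("/")
    suffix = "/metaAlias/" + meta_alias
    if not (location.startswith(base + "/") and location.endswith(suffix)):
        return "unknown", None          # other host, context path or metaAlias
    prefix = location[len(base):-len(suffix)]
    if prefix in NEW:
        return "new", NEW[prefix]
    if prefix in LEGACY:
        return "legacy", LEGACY[prefix]
    return "unknown", None

def audit(metadata_xml, context, meta_alias):
    """List (element, location, verdict) for every IDP endpoint in the metadata."""
    findings = []
    for el in ET.fromstring(metadata_xml).iter():
        name = el.tag.replace(MD, "")
        if name not in ROLE:
            continue
        scheme, role = classify(el.get("Location", ""), context, meta_alias)
        if scheme != "unknown" and role != ROLE[name]:
            scheme = "mismatch"         # e.g. an SLO path listed as SSO service
        findings.append((name, el.get("Location", ""), scheme))
    return findings

# Constructed sample: IDP metadata as a remote SP might have it stored.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="constructed-idp">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <ArtifactResolutionService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://iam.host.com/auth/ArtifactResolver/metaAlias/iamIdp"/>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://iam.host.com/auth/saml2/idp/slo/metaAlias/iamIdp"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://iam.host.com/auth/SSOPOST/metaAlias/iamIdp"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://iam.host.com/auth/saml2/idp/sso/metaAlias/otherIdp"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for name, loc, verdict in audit(SAMPLE, "https://iam.host.com/auth/", "iamIdp"):
        print(f"{verdict:8} {name:26} {loc}")
```

Endpoints reported as `legacy` keep working but mark SPs that can be moved to the new scheme; `unknown` and `mismatch` entries deserve a manual look at the SP configuration.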